c823997333ec1c4f33528ed5d99e9be3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c823997333ec1c4f33528ed5d99e9be3_JaffaCakes118
Size

3.8MB
MD5

c823997333ec1c4f33528ed5d99e9be3
SHA1

0a20f8141f73f00ac1151b6b29d9a39b003ca642
SHA256

6b3f29aad86348d76f938653ce5c640ab114c1419142877a709de5d7fe605f16
SHA512

d8446c290625b9b5c7ac04dfc7578b20181900c76e5ac360119384bbbd0608685a7f933954d2b49d6efe15f09724678c88c5b331a13d9abafaa9c665386a29bf
SSDEEP

49152:oB2dXPDkOZ7rBGMwo6cIdgUdRpuZ5bHgJ4DKHU7Y1FH1yw5zhq4/FepBDdLYcGV1:4K3visZ5bAsWzhqCedLYTVjQqP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c823997333ec1c4f33528ed5d99e9be3_JaffaCakes118

Files

c823997333ec1c4f33528ed5d99e9be3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e08d67a0ff555f7039b4b00a44317b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\NetworkLib\Garena\platform\old\garena_client\bin\Garena.pdb

Imports

sqlite3

sqlite3_column_type
sqlite3_reset
sqlite3_column_name16
sqlite3_column_text16
sqlite3_bind_text16
sqlite3_changes
sqlite3_step
sqlite3_finalize
sqlite3_prepare16
sqlite3_close
sqlite3_open16
sqlite3_errmsg16
sqlite3_free
sqlite3_column_count
sqlite3_busy_timeout
sqlite3_last_insert_rowid

inject

InjectCode

ggsec

ord3

kernel32

GetProcessHeap
HeapFree
HeapReAlloc
SetFilePointer
SystemTimeToFileTime
GetFileAttributesW
LocalFileTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
WriteFile
FileTimeToSystemTime
GetFileInformationByHandle
ExitProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadReadPtr
SetEnvironmentVariableA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CompareStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
HeapAlloc
GetTimeFormatA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetVersionExA
GetModuleFileNameW
MulDiv
lstrcmpW
GetLastError
InterlockedDecrement
TerminateThread
DuplicateHandle
CreateSemaphoreA
ReleaseSemaphore
lstrcpynW
CreateFileMappingA
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateMutexW
OpenMutexW
GetDateFormatA
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CompareStringW
lstrlenW
FlushInstructionCache
GetCurrentProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
lstrcmpiW
SetLastError
WideCharToMultiByte
lstrcpyW
MultiByteToWideChar
lstrlenA
ResumeThread
SetThreadPriority
CloseHandle
Sleep
GetTickCount
GetProcAddress
FreeLibrary
LoadLibraryW
GetModuleHandleW
CreateFileW
ReadFile
GetFileSize
GetLocalTime
GetVersionExW
CreateThread
LoadLibraryExW
GetPrivateProfileStringW
lstrcmpiA
CreateProcessW
TerminateProcess
SetCurrentDirectoryW
CreateEventA
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSection
DeleteCriticalSection
GetExitCodeThread
InterlockedIncrement

user32

ScreenToClient
FindWindowW
SetActiveWindow
DrawIconEx
IsMenu
UnregisterClassA
SendMessageW
DestroyWindow
SetWindowLongW
CreateWindowExW
GetWindowLongW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetMenu
SetWindowPos
GetWindowRect
GetClientRect
OffsetRect
DestroyIcon
LoadIconW
FindWindowExW
ChildWindowFromPoint
IsRectEmpty
SetRect
GetUpdateRect
EnumChildWindows
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetKeyState
RemoveMenu
TrackPopupMenu
GetScrollInfo
SetScrollPos
SetMenuDefaultItem
GetMenuItemInfoW
PostQuitMessage
MessageBoxW
SetMenuItemInfoW
GetWindowDC
GetSystemMetrics
DrawEdge
SetRectEmpty
SetFocus
ClientToScreen
PostMessageW
CheckMenuItem
GetClassInfoW
RegisterClassW
CopyRect
IntersectRect
BringWindowToTop
GetForegroundWindow
FlashWindow
EnableWindow
CheckDlgButton
GetParent
IsZoomed
DestroyCursor
PeekMessageW
TranslateMessage
DispatchMessageW
GetMessageW
LoadImageW
GetDlgItem
AdjustWindowRectEx
IsWindow
MapWindowPoints
SystemParametersInfoW
GetWindow
DrawTextW
ShowWindow
CharNextW
DefWindowProcW
BeginPaint
EndPaint
GetDC
ReleaseDC
ReleaseCapture
GetCapture
PtInRect
SetCapture
UpdateWindow
InvalidateRect
GetDlgCtrlID
CallWindowProcW
SetCursor
GetCursorPos
LoadCursorW
GetClassNameW
CreateDialogParamW
SetForegroundWindow
IsIconic
EndDialog
SetDlgItemTextW
MessageBeep
IsWindowVisible
GetClassInfoExW
FillRect
RegisterClassExW
RegisterWindowMessageW
GetSysColor
MoveWindow
InvalidateRgn
RedrawWindow
IsChild
GetSysColorBrush
IsDialogMessageW
GetMessagePos
GetActiveWindow
wsprintfW
DialogBoxParamW
KillTimer
SetTimer
GetSubMenu
EnableMenuItem
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
CreateAcceleratorTableW
GetDlgItemInt
SetDlgItemInt
SetWindowRgn
WindowFromPoint
CreatePopupMenu
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
AppendMenuW

gdi32

CreateCompatibleDC
GetDIBits
CreateDIBitmap
SetPixel
GetPixel
SelectClipRgn
LineTo
MoveToEx
CreateBitmap
CreatePatternBrush
PatBlt
SetBkColor
ExtTextOutW
CreateDCW
SetViewportOrgEx
Polygon
CreatePen
SetTextColor
SetBkMode
RestoreDC
SaveDC
CreateRectRgn
CombineRgn
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateSolidBrush
StretchBlt
ExcludeClipRect
GetStockObject
CreateFontIndirectW
DeleteDC
GetObjectW
DeleteObject
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetPathFromIDListW
ShellExecuteW

ole32

OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CLSIDFromString
CoInitialize
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VarDateFromStr
VarI4FromStr
VarR8FromStr
VarDecFromStr
VarDecCmp
VarUI4FromStr
SafeArrayCreateVector

shlwapi

PathFindFileNameW
PathRemoveExtensionW

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_GetIcon
ImageList_Add
ImageList_ReplaceIcon
PropertySheetW
_TrackMouseEvent

msimg32

TransparentBlt

pluginkernel

ord1
ord3

commonlib

?IsFileExists@Path@Common@@YAHPB_W@Z
ord6
?MakeSureDirectoryPathExists@Path@Common@@YAHPB_W@Z
?GetErrorMessage@CRunTimeException@Exception@Common@@QBEPB_WXZ
?GetErrorCode@CRunTimeException@Exception@Common@@QBEKXZ
??0CRunTimeException@Exception@Common@@QAE@PBVCLocationInfo@12@PBDK@Z
??1CLocationInfo@Exception@Common@@QAE@XZ
??0CRunTimeException@Exception@Common@@QAE@PBVCLocationInfo@12@PB_WK@Z
??0CLocationInfo@Exception@Common@@QAE@PB_W0H@Z
??1CRunTimeException@Exception@Common@@QAE@XZ
??0CRunTimeException@Exception@Common@@QAE@ABV012@@Z
??1CMyBuffer@Buffer@Common@@QAE@XZ
?ToArray@CMyBuffer@Buffer@Common@@QBEPBDXZ
?GetDataLength@CMyBuffer@Buffer@Common@@QBEHXZ
??0CMyBuffer@Buffer@Common@@QAE@XZ
ord1
?GetSource@CRunTimeException@Exception@Common@@QBEPB_WXZ
ord2
?HashData@Data@Common@@YAKPBDHK@Z

ws2_32

recvfrom
sendto
getpeername
ntohs
accept
bind
socket
WSAGetLastError
getsockname
recv
send
closesocket
connect
inet_addr
gethostname
htonl
inet_ntoa
gethostbyname
htons
WSACleanup
WSAStartup
ntohl
listen

garenaskin1

_TrackSkinPopupMenu@20
_GetSkinFont@4
_GetImage@8
_GetGameIcon@12
_InstallSkin@0
_UninstallSkin@0
_GetImageFromSkin@4
_SetSkinPath@4
_GetColor@4

wininet

HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestExW
HttpSendRequestW
InternetWriteFile
InternetReadFile
InternetConnectW
InternetOpenW
InternetSetOptionW
InternetGetLastResponseInfoW
InternetCrackUrlW
InternetCloseHandle

winmm

sndPlaySoundW

Exports

Exports

AddGame
AddMidPanel
CalcEValue
CanAccess
CurrentRoomDisplaySystemInfo
GGTVNewGame
GetCurrentRoomInfo
GetGamePathByGameId
GetIdByName
GetLocation
GetMyInfo
GetMyUserType
GetRoomType
GetService
GetStringById
GetUILanguage
GetUIObject
GetWnd
LaunchGame
MyMessageBox
NotifyTrayMsg
RegisterUIEvent
SendToMainServer
SendToRoomServer
SendToUser
SetUserGamingStatus
ShowGameSettingDlg
ShowMidPanel

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Garena_A
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e08d67a0ff555f7039b4b00a44317b5

Headers

File Characteristics

PDB Paths

Imports

sqlite3

inject

ggsec

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

pluginkernel

commonlib

ws2_32

garenaskin1

wininet

winmm

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 392KB - Virtual size: 389KB

.data Size: 1.5MB - Virtual size: 1.5MB

Garena_A Size: 4KB - Virtual size: 4B

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 192KB - Virtual size: 192KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 392KB - Virtual size: 389KB

.data
Size: 1.5MB - Virtual size: 1.5MB

Garena_A
Size: 4KB - Virtual size: 4B

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 192KB - Virtual size: 192KB