d32f2bf8489a1de5f68a315b8a3ee852_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d32f2bf8489a1de5f68a315b8a3ee852_JaffaCakes118
Size

783KB
MD5

d32f2bf8489a1de5f68a315b8a3ee852
SHA1

4b30a439d504ae06d3214cc8908851590a330b60
SHA256

a739805e3948bb2798f4e4da39934939342f51e4cfb76f18e5bc98e934b82590
SHA512

3535ddca5d3a0e806ac0eccf3e3a33a9d9ea0acf59881554f032c43119d7c6140a8d11d611a0d8d9f094fa3a8b60a43e598855f76fcfb37a32532cce79168573
SSDEEP

24576:zYIYZJjBiZi9khGXUPLYlePWG60iS8PFdHpq3+suAf:M9jBWiSyx1P7q

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CytAP.dll
unpack001/CytriikTrainer.exe

Files

d32f2bf8489a1de5f68a315b8a3ee852_JaffaCakes118
.zip
CytAP.dll
.dll windows:5 windows x86 arch:x86

026ef3b71ceeb4288311089079be3248

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsDialogMessageW

shell32

ShellExecuteA

msvcp100

?_Decref@facet@locale@std@@QAEPAV123@XZ

wininet

InternetReadFile

ntdll

memchr

msvcr100

??0exception@std@@QAE@ABQBD@Z

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gtfo0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gtfo1
Size: - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gtfo2
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CytriikTrainer.exe
.exe windows:5 windows x86 arch:x86

f96e93148758a992572c870bdbf6a25d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VS\Projects\S4Launcher2\Release\S4Launcher2.pdb

Imports

kernel32

Sleep
GetConsoleWindow
lstrlenW
SetConsoleTitleA
GetStdHandle
GetLastError
GetCurrentDirectoryW
GetProcAddress
VirtualAllocEx
Process32FirstW
VirtualFreeEx
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
LocalFree
WriteProcessMemory
CreateFileW
HeapSize
OpenProcess
CreateRemoteThread
GetModuleHandleW
WaitForSingleObject
GetCurrentProcess
Process32NextW
SetConsoleTextAttribute
GetCommandLineW
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
MultiByteToWideChar
RtlUnwind
LoadLibraryW
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
FlushFileBuffers

user32

MessageBoxW
UpdateWindow
MoveWindow
GetWindowRect

advapi32

SetEntriesInAclW
SetSecurityInfo
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

026ef3b71ceeb4288311089079be3248

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp100

wininet

ntdll

msvcr100

Sections

.text Size: - Virtual size: 22KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 46KB

.gtfo0 Size: - Virtual size: 4KB

.gtfo1 Size: - Virtual size: 637KB

.gtfo2 Size: 771KB - Virtual size: 770KB

.reloc Size: 512B - Virtual size: 104B

f96e93148758a992572c870bdbf6a25d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: - Virtual size: 22KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 46KB

.gtfo0
Size: - Virtual size: 4KB

.gtfo1
Size: - Virtual size: 637KB

.gtfo2
Size: 771KB - Virtual size: 770KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB