d61c322bd6a9b09f2074e31384405dc0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d61c322bd6a9b09f2074e31384405dc0_JaffaCakes118
Size

1.3MB
MD5

d61c322bd6a9b09f2074e31384405dc0
SHA1

72e43099d7ef6d79a3564ee574fd1bbd88699c47
SHA256

c13b867fda133360bfac8fa7d647d673333c45c9867faf6b502b12522ef8d994
SHA512

5b180277a877732801d242bd5e182ff57b79859a165ffe2894c89e37fbac7602abcbab696d636a6765bacda3776494adbbb18b4fa0bb8867b7cdd1cdd11d3c59
SSDEEP

24576:/4Szm6Di36NYvkhXaeHaqS93+V2Lun4TL4hdl6GeM2ZQ37:DNCPkZ72Cn4TLAdOQ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d61c322bd6a9b09f2074e31384405dc0_JaffaCakes118

Files

d61c322bd6a9b09f2074e31384405dc0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8814a99b2bf009230b5a2f8676b349d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\source\Ongame\client\Vn_7poker\source\Release\VN_7POKER.pdb

Imports

kernel32

FindFirstFileA
IsProcessorFeaturePresent
ExpandEnvironmentStringsA
FindNextFileA
FindClose
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
Sleep
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
CreateFileW
FlushFileBuffers
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
CreateFileA
WriteFile
CreateDirectoryA
CreateThread
LocalFree
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
LoadLibraryA
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetEndOfFile
SetFilePointer
SetStdHandle
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
GetOEMCP
GetACP
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
_lclose
_llseek
_lread
_lopen
HeapFree
HeapAlloc
GetProcessHeap
IsDBCSLeadByte
RemoveDirectoryA
SetFileAttributesA
lstrcmpiA
lstrcatA
lstrlenA
lstrcpyA
GetFileAttributesA
OutputDebugStringA
ExitProcess
RtlUnwind
RaiseException
HeapReAlloc
ReadFile
GetFileType
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
SetUnhandledExceptionFilter
GetModuleFileNameA

user32

LoadCursorFromFileA
SendMessageA
GetDlgItem
SetRect
PtInRect
MoveWindow
DefWindowProcA
SetWindowRgn
GetSystemMetrics
ScreenToClient
GetWindowRect
RegisterClassExA
UnregisterClassA
DestroyWindow
ReleaseDC
GetDC
SetFocus
SetWindowPos
SetWindowTextW
MessageBoxW
MessageBoxA
LoadIconA
SetClassLongA
ShowWindow
SetCursor
GetAsyncKeyState
PostQuitMessage
CreateWindowExA
PostMessageA
GetWindowTextA
LoadBitmapA
EndPaint
CreateDialogParamA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetKeyboardLayout
PostMessageW
GetFocus
ClientToScreen
GetClientRect
SetWindowLongA
ChangeDisplaySettingsA
ReleaseCapture
SetCapture
AdjustWindowRectEx
GetMenu
GetWindowLongA
EnumDisplaySettingsA
AdjustWindowRect
RegisterClassA
LoadCursorA
BeginPaint

gdi32

ExtTextOutW
GetStockObject
GetTextExtentPointW
SetPixel
GetPixel
GetTextExtentPoint32A
ExtTextOutA
CreateDCA
DeleteObject
MoveToEx
SetMapMode
SetTextAlign
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
SetBkColor
GetCharacterPlacementW
GetCharacterPlacementA
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
CreateFontA
SetBkMode
SetTextColor
TextOutW
CreateCompatibleBitmap
StretchBlt
DeleteDC
GetObjectA
CreateDIBSection
CreateCompatibleDC
SelectObject
BitBlt
CreateRoundRectRgn

advapi32

RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

ole32

OleRun
CoInitialize
CoCreateInstance
OleInitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
GetErrorInfo

winmm

timeGetTime

imm32

ImmSetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetOpenStatus
ImmGetCandidateListA
ImmAssociateContext
ImmNotifyIME
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext

urlmon

URLDownloadToFileA

ws2_32

recv
WSAStartup
WSACleanup
send
closesocket
socket
htons
WSAGetLastError
connect
inet_addr
WSAAsyncSelect

fmodex

?getChannelsPlaying@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?isPlaying@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setMode@Sound@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z
FMOD_System_Create
?getSoftwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getHardwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH00@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?setSoftwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?close@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ

cwebpage

DisplayHTMLPage
EmbedBrowserObject
UnEmbedBrowserObject

ddraw

DirectDrawCreate

d3d9

Direct3DCreate9

Sections

.text
Size: 872KB - Virtual size: 871KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8814a99b2bf009230b5a2f8676b349d2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

winmm

imm32

urlmon

ws2_32

fmodex

cwebpage

ddraw

d3d9

Sections

.text Size: 872KB - Virtual size: 871KB

.rdata Size: 156KB - Virtual size: 153KB

.data Size: 96KB - Virtual size: 4.8MB

.rsrc Size: 220KB - Virtual size: 216KB

.text
Size: 872KB - Virtual size: 871KB

.rdata
Size: 156KB - Virtual size: 153KB

.data
Size: 96KB - Virtual size: 4.8MB

.rsrc
Size: 220KB - Virtual size: 216KB