da67a3378411e004ec0974b8b453e9e7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

da67a3378411e004ec0974b8b453e9e7_JaffaCakes118
Size

8.7MB
MD5

da67a3378411e004ec0974b8b453e9e7
SHA1

6b5035baa2ac053bbe2f008d3c8feebb4ce75df9
SHA256

d98491e0b5d4db4ba5a8bea84f7fa30e294f7b9b890db6174e56c3c6e8bd406d
SHA512

b4b2c2046772abe38a55635148e5297b227877ba11536a08c44e8fec3c4d4b29448e22b5317db34b092f31905752855b933a092e668e14961dac5a094e53ec86
SSDEEP

98304:88haBB8DFdnhcFTogd80GdIYhRcjm2AtVnQ1r6P2N398hU:Js78DFkFToUlyIYh2azo6eNeW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da67a3378411e004ec0974b8b453e9e7_JaffaCakes118

Files

da67a3378411e004ec0974b8b453e9e7_JaffaCakes118
.exe windows:6 windows x64 arch:x64

e7dee274b5b546583d0960b858e3924a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\f\save\bin\client\master\five\release\FiveM.pdb

Imports

comctl32

ord344
InitCommonControlsEx
ord345

crypt32

CryptUnprotectData

kernel32

MoveFileW
MultiByteToWideChar
GetFileAttributesExW
AddVectoredExceptionHandler
GetCurrentProcessId
ExitProcess
GetStartupInfoW
GetProcAddress
LoadLibraryA
LoadLibraryW
K32EnumProcessModules
CreateDirectoryW
CreateMutexW
OpenMutexW
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetSystemTime
GetTickCount64
SystemTimeToFileTime
GetPrivateProfileIntW
WriteFile
GetTickCount
VerSetConditionMask
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
VirtualProtect
VerifyVersionInfoW
RtlAddFunctionTable
GetModuleFileNameA
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
SetEvent
CreateEventW
GetExitCodeProcess
OpenProcess
GetSystemDirectoryW
IsProcessInJob
CreateJobObjectW
GetLastError
SetInformationJobObject
SetDllDirectoryW
WaitForSingleObject
CreateRemoteThread
CopyFileW
CreateProcessW
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
K32GetModuleFileNameExW
K32GetModuleInformation
ReadFile
GetOverlappedResult
EncodePointer
DecodePointer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
MulDiv
CreateActCtxW
ActivateActCtx
AreFileApisANSI
CloseHandle
GetFileAttributesW
DeleteFileW
RtlUnwind
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
CreateFileW
GetCommandLineW
TerminateProcess
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetEndOfFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
LocalFree
GetModuleHandleW
GetModuleFileNameW
MapViewOfFile
GetExitCodeThread
GetCurrentProcess
IsDebuggerPresent
CreateFileMappingW
GetProcessId
Sleep
AssignProcessToJobObject
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ExitThread
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
RtlUnwindEx
RtlPcToFileHeader
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
LoadLibraryExA
VirtualQuery
GetSystemInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
InitializeSListHead
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
MoveFileExW
FormatMessageW
WideCharToMultiByte
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
RaiseException
CompareStringOrdinal
InitOnceExecuteOnce
InitializeSRWLock
GlobalUnlock
GlobalLock
GlobalSize
CreateEventExW
WaitForSingleObjectEx
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ResetEvent
WaitForMultipleObjects
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
CreateThread
VirtualQueryEx
GetProcessTimes
GetSystemTimeAsFileTime
UnregisterWaitEx
UnregisterWait
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
ReleaseMutex
RegisterWaitForSingleObject
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsA
SetLastError
FormatMessageA
SetFilePointer
GetStringTypeW
GetNativeSystemInfo
TryEnterCriticalSection
GetCurrentDirectoryW
FindFirstFileExW
GetFileInformationByHandle
RemoveDirectoryW

user32

RegisterWindowMessageW
CreateWindowExW
MessageBoxA
RegisterClassExW
MsgWaitForMultipleObjects
SendMessageW
DefWindowProcW
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
PeekMessageW
AllowSetForegroundWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
SetWindowTextW
GetSysColor
GetSysColorBrush
GetWindowLongW
SetWindowLongW
GetDesktopWindow
FindWindowExW
LoadCursorW
LoadIconW
MonitorFromPoint
FindWindowW
DispatchMessageW
GetProcessWindowStation
GetUserObjectInformationW
TranslateMessage
MessageBoxW
SetTimer

gdi32

SetBkMode
GetDeviceCaps
CreateFontIndirectW
SetTextColor

advapi32

RegGetValueW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
OpenProcessToken
RegSetKeyValueW
RegDeleteKeyW
ReportEventW

shell32

SHGetKnownFolderPath
SHBindToParent
CommandLineToArgvW
ShellExecuteW
SHParseDisplayName
ord709
SHCreateItemFromParsingName
SetCurrentProcessExplicitAppUserModelID
SHSetLocalizedName

ws2_32

htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
getsockopt
ioctlsocket
getsockname
shutdown
getpeername
WSAGetLastError
connect
getnameinfo
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
freeaddrinfo

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

shlwapi

StrStrIW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rpcrt4

RpcStringFreeA
UuidToStringA

d3d11

D3D11CreateDevice

wininet

InternetCrackUrlW
InternetConnectW
InternetReadFile
InternetOpenW
InternetCloseHandle
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW

bcrypt

BCryptGenRandom

oleaut32

SysFreeString

Exports

Exports

AmdPowerXpressRequestHighPerformance
AsyncTrace
DllCanUnloadNow
DllGetActivationFactory
NvOptimusEnablement
free
malloc
realloc

Sections

.cdummy
Size: - Virtual size: 97.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 183KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cld
Size: 68KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clr
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.unwind
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_MEM_READ

.rd_pef
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7dee274b5b546583d0960b858e3924a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ws2_32

ntdll

shlwapi

version

rpcrt4

d3d11

wininet

bcrypt

oleaut32

Exports

Exports

Sections

.cdummy Size: - Virtual size: 97.0MB

.pdata Size: 183KB - Virtual size: 184KB

_RDATA Size: 512B - Virtual size: 4KB

.cld Size: 68KB - Virtual size: 1.0MB

.clr Size: 1.4MB - Virtual size: 1.4MB

.zdata Size: 3.3MB - Virtual size: 3.3MB

.rsrc Size: 924KB - Virtual size: 924KB

.unwind Size: 1.6MB - Virtual size: 1.6MB

.rd_pef Size: 1.2MB - Virtual size: 1.2MB

.cdummy
Size: - Virtual size: 97.0MB

.pdata
Size: 183KB - Virtual size: 184KB

_RDATA
Size: 512B - Virtual size: 4KB

.cld
Size: 68KB - Virtual size: 1.0MB

.clr
Size: 1.4MB - Virtual size: 1.4MB

.zdata
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 924KB - Virtual size: 924KB

.unwind
Size: 1.6MB - Virtual size: 1.6MB

.rd_pef
Size: 1.2MB - Virtual size: 1.2MB