e:\Drive1\temp\buildwar3x\War3\bin\War3.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e1593dfe82c80e5210b688904ba01e48_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e1593dfe82c80e5210b688904ba01e48_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
e1593dfe82c80e5210b688904ba01e48_JaffaCakes118
-
Size
468KB
-
MD5
e1593dfe82c80e5210b688904ba01e48
-
SHA1
0ea10b26d09d85083c9d2012ebcbad5b46284f97
-
SHA256
13c53fcc6badcd1522dc8a7b64f2677bb932e71d1d894798b7ffd258185fb47d
-
SHA512
f444016687f23b0f0e64fac9003faee25334735ad9cf1d0d4e4be92f9cb42f4bc9e280b3dd036e0fbaf275bc3f5f8f2dc506b15c309cf91a93e715f1e10ebcff
-
SSDEEP
6144:g2mHsOFQJpaQ+2TMry5rOX51nOOw5XPCNoylFdFUXP:gloa+TP5roLy96VlxUXP
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature.
resource e1593dfe82c80e5210b688904ba01e48_JaffaCakes118
Files
-
e1593dfe82c80e5210b688904ba01e48_JaffaCakes118.exe windows:4 windows x86 arch:x86
2c8aa8760912686a1a6d34f1e9b2ef17
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
ImageList_DragEnter
ImageList_GetImageCount
ImageList_BeginDrag
ImageList_Replace
ImageList_DragMove
_TrackMouseEvent
ImageList_Create
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
ImageList_Add
ImageList_Destroy
InitCommonControlsEx
winmm
timeGetTime
kernel32
SetFileAttributesA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
WaitForMultipleObjects
ReleaseSemaphore
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateMutexA
OpenMutexA
ReleaseMutex
CreateSemaphoreA
GetModuleHandleA
MultiByteToWideChar
GetLastError
WideCharToMultiByte
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
HeapUnlock
HeapLock
HeapWalk
GetProcessHeaps
QueryPerformanceFrequency
SetThreadPriority
GetThreadPriority
GetCurrentThread
SystemTimeToFileTime
GetLogicalDriveStringsA
GetDriveTypeA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetACP
LocalFree
FormatMessageA
TerminateThread
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
GetDiskFreeSpaceA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateDirectoryA
CopyFileA
MoveFileA
GetSystemTime
GetFileAttributesA
SetEndOfFile
SetFileTime
GetFileTime
CompareFileTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
WriteFile
CreateFileA
DeleteFileA
CreateProcessA
GetUserDefaultLangID
GetTimeZoneInformation
SetEvent
GetUserDefaultLCID
GetSystemDefaultLangID
GetLocaleInfoA
GetCommandLineA
GetWindowsDirectoryA
ResumeThread
SuspendThread
GetVersionExA
GetComputerNameA
GlobalMemoryStatus
GetSystemInfo
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleFileNameA
SetCurrentDirectoryA
GetFileSize
SetFilePointer
FlushFileBuffers
ReadFile
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
user32
PostMessageA
CreateWindowExA
MessageBoxA
GetPropA
SetPropA
GetClientRect
ScreenToClient
TranslateMessage
DispatchMessageA
ClientToScreen
SetCursorPos
EmptyClipboard
SetClipboardData
CreateDialogIndirectParamA
DeleteMenu
TranslateAcceleratorA
DrawFocusRect
DrawTextA
SetWindowTextA
PeekMessageA
GetMessageA
IsDialogMessageA
SetParent
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenu
InsertMenuItemA
CreatePopupMenu
CreateMenu
SetCapture
GetMenu
DestroyMenu
SystemParametersInfoA
WindowFromPoint
ReleaseCapture
GetClassLongA
CallWindowProcA
TrackPopupMenu
GetWindow
RegisterClassA
GetDesktopWindow
SetForegroundWindow
DefWindowProcA
GetDCEx
BeginPaint
FillRect
EndPaint
UpdateWindow
GetKeyState
MessageBeep
SetWindowPlacement
GetWindowPlacement
GetForegroundWindow
EnableWindow
SetActiveWindow
LoadImageA
SetClassLongA
DestroyIcon
GetWindowTextA
ShowCursor
SetCursor
LoadCursorA
SetScrollPos
GetWindowLongA
SetWindowLongA
GetScrollInfo
SetScrollInfo
OpenClipboard
GetClipboardData
CloseClipboard
GetSysColor
GetSysColorBrush
GetDC
ReleaseDC
GetWindowTextLengthA
GetFocus
GetWindowInfo
SetWindowPos
InvalidateRect
IsWindowEnabled
IsWindowVisible
ShowWindow
SetFocus
GetCursorPos
GetWindowRect
GetParent
DrawMenuBar
GetMenuItemInfoA
SetMenuItemInfoA
GetMenuItemCount
DestroyWindow
GetActiveWindow
RemovePropA
KillTimer
SetTimer
SendMessageA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
storm
ord294
ord403
ord401
ord279
ord463
ord405
ord465
ord501
ord581
ord506
ord578
ord507
ord508
ord590
ord503
ord509
ord595
ord280
ord570
ord551
ord552
ord472
ord474
ord479
ord476
ord504
ord399
ord548
ord541
ord543
ord542
ord421
ord253
ord269
ord265
ord268
ord569
ord252
ord251
ord266
ord571
ord302
ord572
ord545
ord544
ord575
ord267
ord271
ord288
ord563
msvcr80
strrchr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CIpow
_CIlog10
_CIsqrt
memmove
_purecall
_clearfp
_control87
fopen
fclose
fprintf
_time64
_ctime64
_beginthreadex
qsort
atof
strtoul
atoi
_vsnprintf
__CxxFrameHandler3
memcpy
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
setvbuf
__p__fmode
wininet
InternetCanonicalizeUrlA
mss32
_AIL_close_XMIDI_driver@4
_AIL_DLS_close@8
_AIL_close_3D_provider@4
_AIL_close_3D_listener@4
_AIL_sample_ms_position@12
_AIL_WAV_info@8
_AIL_set_named_sample_file@20
_AIL_init_sample@4
_AIL_mem_free_lock@4
_AIL_sequence_ms_position@12
_AIL_init_sequence@12
_AIL_MIDI_to_XMI@20
_AIL_file_type@8
_AIL_enumerate_3D_providers@12
_AIL_set_3D_distance_factor@8
_AIL_open_3D_listener@4
_AIL_last_error@0
_AIL_open_3D_provider@4
_AIL_set_XMIDI_master_volume@8
_AIL_set_3D_room_type@8
_AIL_set_3D_provider_preference@12
_AIL_set_3D_speaker_type@8
_AIL_digital_CPU_percent@4
_AIL_set_3D_position@16
_AIL_DLS_unload@8
_AIL_set_3D_orientation@28
_AIL_DLS_open@28
_AIL_open_XMIDI_driver@4
_AIL_set_file_callbacks@16
_AIL_open_digital_driver@16
_AIL_startup@0
_AIL_set_redist_directory@4
_AIL_mem_use_free@4
_AIL_mem_use_malloc@4
_AIL_shutdown@0
_AIL_open_stream@12
_AIL_set_3D_sample_preference@12
_AIL_3D_sample_attribute@12
_AIL_set_3D_sample_distances@12
_AIL_set_3D_sample_cone@16
_AIL_extract_DLS@28
_AIL_register_sequence_callback@8
_AIL_set_sequence_user_data@12
_AIL_register_stream_callback@8
_AIL_set_stream_user_data@12
_AIL_register_EOS_callback@8
_AIL_set_sample_user_data@12
_AIL_register_3D_EOS_callback@8
_AIL_set_3D_user_data@12
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_close_digital_driver@4
_AIL_stream_status@4
_AIL_sample_position@4
_AIL_3D_sample_offset@4
_AIL_stream_position@4
_AIL_stream_ms_position@12
_AIL_3D_sample_length@4
_AIL_set_sample_ms_position@8
_AIL_set_stream_ms_position@8
_AIL_set_sample_playback_rate@8
_AIL_sample_playback_rate@4
_AIL_set_3D_sample_playback_rate@8
_AIL_3D_sample_playback_rate@4
_AIL_set_stream_playback_rate@8
_AIL_stream_playback_rate@4
_AIL_set_3D_sample_obstruction@8
_AIL_3D_user_data@8
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_set_sequence_loop_count@8
_AIL_release_3D_sample_handle@4
_AIL_stop_sequence@4
_AIL_stop_3D_sample@4
_AIL_stop_sample@4
_AIL_resume_3D_sample@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_info@8
_AIL_release_sample_handle@4
_AIL_release_sequence_handle@4
_AIL_close_stream@4
_AIL_allocate_sequence_handle@4
_AIL_allocate_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_end_sample@4
_AIL_end_3D_sample@4
_AIL_end_sequence@4
_AIL_set_3D_sample_occlusion@8
_AIL_set_stream_pan@8
_AIL_set_sample_pan@8
_AIL_set_3D_velocity@20
_AIL_set_stream_loop_count@8
_AIL_pause_stream@8
_AIL_DLS_load_memory@12
_AIL_DLS_compact@4
_AIL_sample_user_data@8
_AIL_set_sequence_volume@12
_AIL_start_sample@4
_AIL_resume_sample@4
_AIL_set_stream_volume@8
_AIL_set_3D_sample_volume@8
_AIL_set_sample_volume@8
_AIL_sequence_user_data@8
_AIL_stream_user_data@8
_AIL_sequence_status@4
_AIL_set_sample_loop_count@8
_AIL_start_sequence@4
_AIL_set_3D_sample_effects_level@8
_AIL_resume_sequence@4
_AIL_find_DLS@24
wsock32
WSAStartup
recvfrom
WSAGetLastError
recv
ioctlsocket
ntohs
inet_addr
ntohl
gethostbyname
gethostname
send
connect
select
accept
WSACleanup
sendto
socket
inet_ntoa
closesocket
htons
getpeername
getsockname
listen
bind
setsockopt
imm32
ImmAssociateContextEx
ImmAssociateContext
gdi32
GetStockObject
DeleteObject
CreateDIBitmap
SetBkColor
SetTextColor
FillRgn
CreateSolidBrush
GetBkColor
SetBkMode
CombineRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
SelectObject
LineTo
MoveToEx
CreatePen
advapi32
RegQueryValueExA
RegSetValueExA
RegCloseKey
GetUserNameA
RegCreateKeyExA
RegOpenKeyExA
shell32
FindExecutableA
DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHGetPathFromIDListA
Exports
A1
A2
A3
A4
A5
A6
AA
AB
AG
AL
AM
AN
AQ
AU
Ac
Aj
Ak
Al
Am
Ao
Ap
Aq
Ar
As
At
Au
Av
Aw
Ax
Ay
Az
B0
B1
B2
B3
B4
B5
B6
B7
B9
BA
BB
BC
BD
BE
BF
BG
BH
BI
BJ
BK
BL
BM
BN
BO
BP
BQ
BR
BS
BT
BU
BV
BW
BX
BY
BZ
Ba
Bb
Bc
Bd
Be
Bf
Bg
Bh
Bi
Bj
Bk
Bl
Bm
Bn
Bo
Bp
Bq
Br
Bs
Bt
Bu
Bv
Bw
Bx
By
Bz
C0
C1
C4
C5
C6
C7
C8
C9
CA
CB
CC
CD
CE
CF
CG
CH
CI
CJ
CK
CL
CM
CN
CO
CP
CQ
CR
CS
CT
CU
CV
CW
CX
CY
CZ
Cc
Cd
Ce
Cf
Cg
Ch
Ci
Cj
Ck
Cl
Cm
Cn
Co
Cp
Cq
Cr
Cs
Ct
Cu
Cv
Cw
Cx
Cy
Cz
D0
D1
D2
D3
D4
D5
D6
D7
D8
D9
DA
DB
DC
DD
DE
DF
DG
DH
DI
DJ
DK
DL
DM
DN
DO
DP
DQ
DR
DS
DT
DU
DV
DW
DX
DY
DZ
Da
Db
Dc
Dd
De
Df
Dg
Dh
Di
Dj
Dk
Dl
Dm
Dn
Do
Dq
Dr
Ds
Dt
Du
Dv
Dw
Dx
Dy
Dz
E0
E1
E2
E3
E4
E5
E6
E7
E8
E9
EA
EB
EC
ED
EE
EF
EG
EH
EI
EJ
EK
EL
EM
EN
EO
EP
EQ
ER
ES
ET
EU
EV
EW
EX
EY
EZ
Ea
Eb
Ec
Ed
Ef
Eg
Eh
Ei
Ej
Ek
El
Em
Eo
Ep
Eq
Er
Et
Eu
Ev
Ew
Ex
Ey
Ez
F0
F1
F2
F3
F4
F5
F6
F7
F8
F9
FA
FB
FC
FD
FE
FF
FG
FH
FI
FJ
FK
FL
FM
FN
FO
FP
FQ
FR
FS
FT
FU
FV
FW
FX
FY
FZ
Fa
Fb
Fc
Fd
Fe
Ff
Fg
Fh
Fi
Fj
Fk
Fl
Fm
Fn
Fo
Fp
Fq
Fr
Fs
Ft
Fu
Fv
Fw
Fx
Fy
Fz
G0
G1
G2
G3
G4
G5
G6
G7
G8
G9
GA
GB
GC
GD
GE
GF
GG
GH
GI
GJ
GK
GL
GM
GN
GO
GP
GQ
GR
GS
GT
GU
GV
GW
GX
GY
GZ
Ga
Gb
Gc
Gd
Ge
Gf
Gg
Gh
Gi
Gj
Gk
Gl
Gm
Gn
Go
Gp
Gq
Gr
Gs
Gt
Gu
Gv
Gw
Gx
Gy
Gz
H0
H1
H2
H3
H4
H5
H6
H7
H8
H9
HA
HB
HC
HD
HE
HF
HG
HH
HI
HJ
HK
HL
HM
HN
HO
HP
HQ
HR
HS
HT
HU
HV
HW
HX
HY
HZ
Ha
Hb
Hc
Hd
He
Hf
Hg
Hh
Hi
Hj
Hk
Hl
Hm
Hn
Ho
Hp
Hq
Hr
Hs
Ht
Hu
Hv
Hw
Hx
Hy
Hz
I0
I1
I2
I3
I4
I5
I6
I7
I8
I9
IA
IB
IC
ID
IE
IF
IG
IH
II
IJ
IK
IL
IM
IN
IO
IP
IQ
IR
IT
IW
IX
IY
IZ
Ia
Ib
Ic
Id
Ie
If
Ig
Ih
Ii
Ij
Ik
Sections (note: .text is flagged IMAGE_SCN_MEM_WRITE and .rsrc IMAGE_SCN_MEM_EXECUTE, which is atypical for a compiler-emitted image and worth confirming against the section headers)
.text Size: 340KB - Virtual size: 338KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE