fcc144935c212ab9224e98c8227344ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fcc144935c212ab9224e98c8227344ac_JaffaCakes118
Size

767KB
MD5

fcc144935c212ab9224e98c8227344ac
SHA1

71ee278921e6ef301bfed92d688e38d7a13e8467
SHA256

4443e325e86fabe8d4ca2de90a43521da5631b3d2ff2b9a8ac3a50855d81e5ab
SHA512

17a13476c2f79b438b3f28219cb6d4736b0f40a20f16bdb61d844a470349524f61da6c2527221d13defef992fcd753824b529aed31c22b904ee27475659270f6
SSDEEP

12288:nZgAqW7Bt2VX+xHfA891MxVLt1ibDxr916cv919j0QhsZ11yM/61YauU9:ZgZWFt2VXUHfZfMvLt0x2c9j0MsZfy2S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Middle Earth Shadow of War Promo Trainer.exe

Files

fcc144935c212ab9224e98c8227344ac_JaffaCakes118
.zip
Middle Earth Shadow of War Promo Trainer.exe
.exe windows:4 windows x64 arch:x64

0c3aa2da2b5b907901d49c2887947750

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
memmove
fseek
fread
fclose
ftell
memcpy
log10
_wfopen
wcslen
wcscpy
wcscmp
wcscat
memcmp
_strdup
sprintf
free
longjmp
_setjmp
_wcsdup
strcpy
_wcsicmp
wcsncmp
wcsncpy
_snwprintf
tolower
fabs
malloc
ceil
floor
pow
??3@YAXPEAX@Z
setlocale
swscanf
wcsstr
_wcsnicmp
realloc
_errno
calloc
fopen
toupper
perror
atan
fprintf
log
cos
sin
ldexp
qsort
exp
sqrt
exit
acos
frexp
memchr
modf
strerror
abort
atof
_gmtime64
fflush
ferror
remove
fwrite
__iob_func
getenv
sscanf
strchr
strstr
isxdigit
strncmp
isalpha
strtol
strncpy
strrchr
strpbrk
strtoul
_time64
_strtoi64
fgets
fputs
atoi
isspace
isdigit
_stricmp
_strnicmp
_read
_write
fputc
isalnum
_stat64
isupper
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
OpenProcess
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CloseHandle
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
VirtualProtectEx
HeapDestroy
ExitProcess
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
GetNativeSystemInfo
GetCurrentProcess
VirtualQueryEx
Process32FirstW
Process32NextW
GetLastError
TerminateProcess
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
GetCurrentThread
DuplicateHandle
CreateSemaphoreW
CreateThread
ReleaseSemaphore
LeaveCriticalSection
WaitForMultipleObjects
Sleep
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
CreatePipe
GetStdHandle
CreateProcessW
GetCommandLineW
PeekNamedPipe
ReadFile
HeapReAlloc
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
WideCharToMultiByte
CreateFileW
DeleteFileW
WriteFile
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
GlobalFree
GetVersionExW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
SetLastError
CreateDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CopyFileW
GetDriveTypeW
GetFileAttributesW
SetFilePointer
GetFileSize
HeapSize
MulDiv
TlsFree
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoA
LoadLibraryA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA

user32

GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongPtrW
GetAsyncKeyState
GetKeyboardState
ShowWindow
SendMessageW
SetClassLongPtrW
RedrawWindow
GetDesktopWindow
GetWindow
GetWindowTextLengthW
GetWindowTextW
WindowFromPoint
FindWindowW
GetKeyNameTextW
MapVirtualKeyW
PeekMessageW
RegisterHotKey
UnregisterHotKey
MessageBoxW
DefWindowProcW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
IsWindowVisible
EnumWindows
SetWindowPos
BeginPaint
EndPaint
SetWindowTextW
CallWindowProcW
RemovePropW
GetPropW
SetPropW
SetScrollPos
GetParent
GetDC
InflateRect
ReleaseDC
GetWindowDC
GetWindowRect
GetIconInfo
InvalidateRect
UpdateWindow
ReleaseCapture
DrawStateW
SetCapture
ScreenToClient
GetClientRect
FillRect
GetSysColor
GetSysColorBrush
SetRect
DrawTextW
GetWindowLongW
SetScrollInfo
GetScrollPos
MoveWindow
GetScrollRange
MapWindowPoints
ClientToScreen
GetFocus
GetClassNameW
EnumPropsExW
SetActiveWindow
DestroyIcon
RegisterClassW
AdjustWindowRectEx
GetMenu
IsZoomed
DefFrameProcW
EnumChildWindows
PostMessageW
GetActiveWindow
MsgWaitForMultipleObjects
GetKeyState
IsChild
RegisterWindowMessageW
EnumDisplaySettingsW
GetCursorPos
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreatePatternBrush
GetStockObject
ExcludeClipRect
GetObjectType
GetObjectW
DeleteObject
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32W
CreateSolidBrush
GetDeviceCaps
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
SelectClipRgn
CreateDCW
DeleteDC
CreateCompatibleDC
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
BitBlt
CreateFontW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

ole32

CoInitialize
OleInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
OleCreate
OleSetContainedObject

shell32

ShellExecuteExW

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recv
WSAGetLastError
send
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
ntohs
gethostname
ntohl
htonl

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx

oleaut32

SysFreeString
SysAllocString
VariantInit
DispGetParam
VariantClear
SysStringLen

Sections

.code
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 306KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
meshadpromo-readme.txt

Sharing

General

Malware Config

Signatures

Files

0c3aa2da2b5b907901d49c2887947750

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

ws2_32

wsock32

winmm

gdiplus

uxtheme

comctl32

oleaut32

Sections

.code Size: 150KB - Virtual size: 149KB

.text Size: 678KB - Virtual size: 678KB

.rdata Size: 124KB - Virtual size: 123KB

.pdata Size: 36KB - Virtual size: 36KB

_RDATA Size: 512B - Virtual size: 48B

.data Size: 306KB - Virtual size: 320KB

.rsrc Size: 73KB - Virtual size: 73KB

.code
Size: 150KB - Virtual size: 149KB

.text
Size: 678KB - Virtual size: 678KB

.rdata
Size: 124KB - Virtual size: 123KB

.pdata
Size: 36KB - Virtual size: 36KB

_RDATA
Size: 512B - Virtual size: 48B

.data
Size: 306KB - Virtual size: 320KB

.rsrc
Size: 73KB - Virtual size: 73KB