fe08ec5e4b9e22744e35f2b638784d43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe08ec5e4b9e22744e35f2b638784d43_JaffaCakes118
Size

1.5MB
MD5

fe08ec5e4b9e22744e35f2b638784d43
SHA1

ff6fea5530053ee947c1cf1c03053119cc6cfb4b
SHA256

4cb59a72d2dbb9ff138051887e118c52b4996ac3ced2eb53ee0e732bd9aa982f
SHA512

9e250a5f0b595d28b58b5cc0d7f4089ef5f07d7f79430af29c1d724486348b17218abe56d848be0fb5c06da90486a452ad4e56d1dc091e877fb9093783da4233
SSDEEP

49152:Nf2cspVJaSQzI06/bpsuN/k4juFAWUCZD6hbio+JKdWc:Nf2cia3qgdFAWXl6huo+JKg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe08ec5e4b9e22744e35f2b638784d43_JaffaCakes118

Files

fe08ec5e4b9e22744e35f2b638784d43_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8badf8d0f1528a465cad03415d41fe54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\開発中\次世代\プログラム\VAdvHD-1.51\Release\AdvHD.pdb

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
InitCommonControlsEx

winmm

timeEndPeriod
timeGetDevCaps
mixerGetLineControlsW
mixerOpen
mixerGetControlDetailsW
mixerClose
mixerGetLineInfoW
mixerGetDevCapsW
mixerSetControlDetails
timeGetTime
timeSetEvent
timeKillEvent
timeBeginPeriod

imm32

ImmGetContext
ImmGetCompositionStringW
ImmSetOpenStatus
ImmGetOpenStatus
ImmGetConversionStatus
ImmAssociateContext
ImmReleaseContext
ImmGetCandidateListW

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureShader
D3DXFillTextureTX
D3DXGetShaderOutputSemantics
D3DXCreateSphere
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateBox
D3DXSaveSurfaceToFileInMemory
D3DXLoadMeshFromXInMemory
D3DXCreateTextureFromFileInMemory
D3DXCreateMatrixStack
D3DXVec3TransformCoord
D3DXSaveSurfaceToFileW
D3DXCreateTextureFromFileInMemoryEx
D3DXVec3CatmullRom
D3DXCreateEffect
D3DXCreateLine
D3DXMatrixRotationY
D3DXMatrixPerspectiveFovLH
D3DXVec4Transform
D3DXMatrixRotationYawPitchRoll
D3DXMatrixLookAtLH
D3DXMatrixMultiply
D3DXMatrixScaling
D3DXMatrixInverse
D3DXMatrixTranslation
D3DXVec3Transform

dsound

ord3
ord11

xinput9_1_0

XInputGetState
XInputSetState

wininet

InternetCloseHandle
HttpEndRequestW
HttpOpenRequestW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetSetOptionW
InternetWriteFile
InternetConnectW
InternetQueryDataAvailable
HttpSendRequestExW
InternetQueryOptionW
InternetOpenW
InternetReadFileExW

lua5.1

lua_tolstring
lua_pushnumber
lua_type
lua_tocfunction
lua_setfield
lua_pushcclosure
lua_pcall
lua_pushnil
lua_tonumber
lua_call
lua_atpanic
lua_pushstring
lua_getfield
lua_close
lua_pushvalue
lua_gettop
lua_settop
lua_toboolean
luaL_loadbuffer
lua_pushboolean
luaL_newstate
luaL_openlibs
lua_createtable
lua_rawset
lua_getmetatable
lua_rawequal
lua_isuserdata
lua_gettable
lua_settable
lua_getfenv
lua_isnumber
lua_newuserdata
lua_error
lua_rawget
lua_remove
lua_setmetatable
lua_setfenv
lua_insert
lua_pushlstring
lua_iscfunction
lua_pushlightuserdata
lua_touserdata
lua_gc
lua_concat
lua_replace
lua_isstring
luaL_error
luaL_newmetatable
lua_next
lua_typename

kernel32

InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThread
GetThreadPriority
SetThreadPriority
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WaitForMultipleObjects
lstrcmpW
GetCurrentThreadId
ResetEvent
DeleteFileW
FileTimeToLocalFileTime
GetFileTime
FindNextFileW
FindClose
FileTimeToSystemTime
FindFirstFileW
VerifyVersionInfoW
GetProcessHeap
HeapFree
GetCurrentProcess
VerSetConditionMask
WideCharToMultiByte
ReleaseMutex
SetCurrentDirectoryW
CreateMutexW
lstrcpyW
GlobalUnlock
GlobalAlloc
GlobalLock
CreateEventW
GetLastError
CreateFileW
SetEvent
SetEndOfFile
SetFilePointer
CloseHandle
CreateSemaphoreW
ReleaseSemaphore
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
MulDiv
InitializeCriticalSection
MultiByteToWideChar
DeleteCriticalSection
GetProcAddress
GetCurrentDirectoryW
GetModuleFileNameW
GetVersionExW
Sleep
LocalFree
FreeLibrary
LoadLibraryW
GetFileSize

user32

LoadCursorW
CopyIcon
SetCursorPos
DestroyCursor
OpenClipboard
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
GetCursorPos
LoadIconW
FlashWindowEx
IntersectRect
SetForegroundWindow
PostMessageW
LoadImageW
LoadStringW
CloseClipboard
FindWindowW
EmptyClipboard
SetClipboardData
GetKeyState
EnumDisplayDevicesW
SetFocus
GetMenu
CheckMenuRadioItem
GetWindowLongW
CreateDialogParamW
GetSystemMetrics
MoveWindow
DialogBoxParamW
GetDlgItem
EndDialog
SendDlgItemMessageW
SendMessageW
EnableWindow
DestroyIcon
DestroyWindow
TranslateAcceleratorW
GetWindowRect
SetActiveWindow
GetMessageW
MonitorFromPoint
PostQuitMessage
RegisterWindowMessageW
IsIconic
SetCapture
GetClientRect
wsprintfW
GetDC
TranslateMessage
LoadAcceleratorsW
LockWindowUpdate
ShowCursor
RegisterClassExW
GetWindowPlacement
SystemParametersInfoW
PeekMessageW
ReleaseDC
SetWindowLongW
SetWindowPos
ShowWindow
CreateWindowExW
AdjustWindowRectEx
MessageBoxW
ReleaseCapture
UpdateWindow
SetWindowTextW
ValidateRect
GetMonitorInfoW
DefWindowProcW
DispatchMessageW
ClientToScreen
SetCursor
ScreenToClient

gdi32

GetTextMetricsW
SelectObject
GetGlyphOutlineW
AddFontMemResourceEx
DeleteDC
GetDeviceCaps
CreateDCW
SetTextColor
CreateSolidBrush
GetTextCharset
DeleteObject
EnumFontFamiliesExW
CreateFontIndirectW
GetStockObject
SetBkMode

advapi32

RegDeleteValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
CryptGetHashParam
RegQueryValueExW
RegCreateKeyExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantCopy
VariantInit
VariantChangeType
VariantClear

shlwapi

PathFileExistsW

crypt32

CryptBinaryToStringW
CryptUnprotectData
CryptProtectData

emotedriver

?EmoteCreate@@YAPAVIEmoteDevice@@ABUInitParam@1@@Z

msvcr90

_wfopen_s
_wfindfirst64i32
_findclose
_wsplitpath_s
feof
atoi
ferror
strncat
calloc
ldexp
qsort
memmove
_errno
memset
memcpy
floor
__CxxFrameHandler3
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
isspace
abort
_CxxThrowException
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
_calloc_crt
__crtLCMapStringW
_create_locale
_ui64toa_s
_free_locale
_malloc_crt
__crtGetStringTypeW
islower
_wfsopen
??0exception@std@@QAE@ABQBDH@Z
___lc_collate_cp_func
__crtCompareStringW
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_wcsnicmp
_vsnwprintf_s
isalnum
_vscwprintf
towupper
_ismbclegal
wcsstr
isprint
wcstol
swprintf_s
strncpy_s
rand
_wremove
exit
realloc
printf
strchr
fwrite
setvbuf
fsetpos
fgetc
fflush
fgetpos
ungetc
fputc
fseek
_beginthreadex
_endthreadex
wcsncmp
toupper
tolower
_vsnprintf_s
strtod
wcscpy_s
strcspn
_wmkdir
modf
ceil
sprintf_s
_wfopen
sprintf
iswprint
_purecall
_wcsicmp
??2@YAPAXI@Z
memcpy_s
_invalid_parameter_noinfo
localeconv
memchr
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
memmove_s
??_V@YAXPAX@Z
fclose
ftell
fread
_CIfmod
malloc
free
??3@YAXPAX@Z
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__iob_func
_CIexp
_CIsqrt
_CIcos
_CIsin
_CIlog
_CIatan
_CIpow
_CIlog10
_CIatan2
_CIasin
_CItan
swscanf_s

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8badf8d0f1528a465cad03415d41fe54

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

winmm

imm32

d3d9

d3dx9_43

dsound

xinput9_1_0

wininet

lua5.1

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

emotedriver

msvcr90

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 25KB - Virtual size: 28KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 5KB - Virtual size: 4KB