01917ad25513e8210ea27786874b92f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01917ad25513e8210ea27786874b92f7_JaffaCakes118
Size

904KB
MD5

01917ad25513e8210ea27786874b92f7
SHA1

7cff152c83a9ac665f3699f988c991b6a0c13dca
SHA256

9518ca8713596a5bee00feaea8fdb58009095be86a5fc041a8c168e0d2f4a7ac
SHA512

2a13004cba1d02e32742d6dc046a40b2bbe1fd07ba01ac1d4d93a09d79beb54ccee287cb9f45ccaf54b840c1776f58af6ac21769fcecf289625d7d323903b2ce
SSDEEP

24576:HlQIatyeyAImpUOmAInYuGO9qYurvce3Vf77gGN:FPayey0Lm/EEe3Vf77gGN

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CheatEnginePortable6.2/App/Cheat Engine/Cheat Engine.exe
unpack001/CheatEnginePortable6.2/App/Cheat Engine/allochook-i386.dll
unpack001/CheatEnginePortable6.2/App/Cheat Engine/allochook-x86_64.dll
unpack001/CheatEnginePortable6.2/App/Cheat Engine/ced3d9hook.dll
unpack001/CheatEnginePortable6.2/App/Cheat Engine/ceregreset.exe

Files

01917ad25513e8210ea27786874b92f7_JaffaCakes118
.rar
CheatEnginePortable6.2/App/AppInfo/Launcher/CheatEnginePortable.ini
CheatEnginePortable6.2/App/AppInfo/Launcher/splash.jpg
.jpg
CheatEnginePortable6.2/App/AppInfo/appicon.ico
CheatEnginePortable6.2/App/AppInfo/appicon_16.png
.png
CheatEnginePortable6.2/App/AppInfo/appicon_32.png
.png
CheatEnginePortable6.2/App/AppInfo/appinfo.ini
CheatEnginePortable6.2/App/Cheat Engine/Cheat Engine.exe
.exe windows:4 windows x86 arch:x86

42f01375922ac566135233797845efb3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FindResourceA
FindResourceExA
FormatMessageA
FreeLibrary
FreeResource
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetThreadLocale
GetThreadPriority
GetUserDefaultLCID
GetVersionExA
GetWindowsDirectoryA
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MultiByteToWideChar
ReadFile
ReadProcessMemory
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

shell32

ShellExecuteA

user32

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharUpperBuffW
GetSystemMetrics
MessageBeep
MessageBoxA

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CheatEnginePortable6.2/App/Cheat Engine/allochook-i386.dll
.dll windows:4 windows x86 arch:x86

01d879543b1b93fb4a8c6591ae469368

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FindResourceA
FindResourceExA
FormatMessageA
FreeLibrary
FreeResource
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetStartupInfoA
GetStdHandle
GetThreadLocale
GetThreadPriority
GetVersionExA
GetWindowsDirectoryA
HeapAlloc
HeapFree
HeapLock
HeapUnlock
HeapWalk
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MultiByteToWideChar
OutputDebugStringA
ReadFile
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharUpperBuffW
GetSystemMetrics
MessageBoxA

Exports

Exports

CEHasHandledItEvent
CEInitializationFinished
CeAllocateVirtualMemory
CeFreeVirtualMemory
CeInitializeAllocHook
CeRtlAllocateHeap
CeRtlDestroyHeap
CeRtlFreeHeap
HasSetupDataEvent
HookEventData
NtAllocateVirtualMemoryOrig
NtFreeVirtualMemoryOrig
RtlAllocateHeapOrig
RtlDestroyHeapOrig
RtlFreeHeapOrig

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.stab
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_MEM_DISCARDABLE

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
CheatEnginePortable6.2/App/Cheat Engine/allochook-x86_64.dll
.dll windows:4 windows x64 arch:x64

5f356a9227d50401556d497592f20cdf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FindResourceA
FindResourceExA
FormatMessageA
FreeLibrary
FreeResource
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetStartupInfoA
GetStdHandle
GetThreadLocale
GetThreadPriority
GetVersionExA
GetWindowsDirectoryA
HeapAlloc
HeapFree
HeapLock
HeapUnlock
HeapWalk
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MultiByteToWideChar
OutputDebugStringA
ReadFile
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharUpperBuffW
GetSystemMetrics
MessageBoxA

Exports

Exports

CEHasHandledItEvent
CEInitializationFinished
CeAllocateVirtualMemory
CeFreeVirtualMemory
CeInitializeAllocHook
CeRtlAllocateHeap
CeRtlDestroyHeap
CeRtlFreeHeap
HasSetupDataEvent
HookEventData
NtAllocateVirtualMemoryOrig
NtFreeVirtualMemoryOrig
RtlAllocateHeapOrig
RtlDestroyHeapOrig
RtlFreeHeapOrig

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.stab
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_MEM_DISCARDABLE

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
CheatEnginePortable6.2/App/Cheat Engine/ced3d9hook.dll
.dll windows:5 windows x86 arch:x86

5c781edc246948f4c3c5ba61273ff718

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\svn\Cheat Engine\bin\ced3d9hook.pdb

Imports

d3dx9_43

D3DXCreateSprite
D3DXCreateTextureFromFileInMemoryEx
D3DXMatrixTransformation

kernel32

VirtualAlloc
WaitForSingleObject
OutputDebugStringA
InterlockedExchange
SetEvent
LCMapStringW
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
GetModuleHandleA
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

ScreenToClient
GetCursorPos

Exports

Exports

D3D9Hook_DrawIndexedPrimitiveUP_imp
D3D9Hook_DrawIndexedPrimitive_imp
D3D9Hook_DrawPrimitiveUP_imp
D3D9Hook_DrawPrimitive_imp
D3D9Hook_DrawRectPatch_imp
D3D9Hook_DrawTriPatch_imp
D3D9Hook_Present_imp
D3D9Hook_Reset_imp

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CheatEnginePortable6.2/App/Cheat Engine/ceregreset.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CheatEnginePortable6.2/App/Cheat Engine/ceserver-linux_arm_android
.elf linux arm
CheatEnginePortable6.2/App/Cheat Engine/ceserver-linux_i386
.elf linux x86
CheatEnginePortable6.2/App/Cheat Engine/ceserver-linux_x86_64
.elf linux x64

Sharing

General

Malware Config

Signatures

Files

42f01375922ac566135233797845efb3

Headers

File Characteristics

Imports

kernel32

oleaut32

shell32

user32

Sections

.text Size: 205KB - Virtual size: 205KB

.data Size: 36KB - Virtual size: 36KB

.bss Size: - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 4B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 68KB - Virtual size: 67KB

01d879543b1b93fb4a8c6591ae469368

Headers

File Characteristics

Imports

kernel32

oleaut32

user32

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 133KB

.data Size: 26KB - Virtual size: 26KB

.bss Size: - Virtual size: 16KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 512B

.reloc Size: 9KB - Virtual size: 9KB

.stab Size: 3KB - Virtual size: 3KB

.stabstr Size: 5KB - Virtual size: 5KB

5f356a9227d50401556d497592f20cdf

Headers

File Characteristics

Imports

kernel32

oleaut32

user32

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 175KB

.data Size: 41KB - Virtual size: 41KB

.bss Size: - Virtual size: 17KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 512B

.rsrc Size: 135KB - Virtual size: 135KB

.reloc Size: 4KB - Virtual size: 4KB

.stab Size: 3KB - Virtual size: 3KB

.stabstr Size: 5KB - Virtual size: 5KB

5c781edc246948f4c3c5ba61273ff718

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

kernel32

user32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 5KB

Headers

File Characteristics

Sections

CODE Size: 70KB - Virtual size: 69KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.text
Size: 205KB - Virtual size: 205KB

.data
Size: 36KB - Virtual size: 36KB

.bss
Size: - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 4B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 68KB - Virtual size: 67KB

.text
Size: 133KB - Virtual size: 133KB

.data
Size: 26KB - Virtual size: 26KB

.bss
Size: - Virtual size: 16KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 512B

.reloc
Size: 9KB - Virtual size: 9KB

.stab
Size: 3KB - Virtual size: 3KB

.stabstr
Size: 5KB - Virtual size: 5KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 41KB - Virtual size: 41KB

.bss
Size: - Virtual size: 17KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 512B

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 4KB - Virtual size: 4KB

.stab
Size: 3KB - Virtual size: 3KB

.stabstr
Size: 5KB - Virtual size: 5KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 5KB

CODE
Size: 70KB - Virtual size: 69KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 5KB - Virtual size: 5KB