Static task
static1
Behavioral task
behavioral1
Sample
Crysis3+12Tr-LNG_HunterED_v1.4.0.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Crysis3+12Tr-LNG_HunterED_v1.4.0.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
游侠网热门单机游戏.url
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
游侠网热门单机游戏.url
Resource
win10v2004-20240802-en
General
-
Target
06655bddca53ccdb99eae054ebb57a06_JaffaCakes118
-
Size
2.3MB
-
MD5
06655bddca53ccdb99eae054ebb57a06
-
SHA1
09e267311d10f0da3c050192d9481fb963c47e85
-
SHA256
93a28f09e09ca794fa62bc77d203334fcef6fc05844f13688033a77df2c9ffb6
-
SHA512
d3ebb11d3091c5a3d276b865b0597a1c6dfd7ab38df2f9c6fe3189dfc44569c3cad6fb57daa7481c3a871a7c77e7b3755e54aa48b0bf40096f479109a50bb02e
-
SSDEEP
49152:2rPw9hFxMIgupE+xnWpQ4QrCJ2UVBe6njgZcjSDkl37ew:2jGHM2bW1QrCJDBNnMAQALF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Crysis3+12Tr-LNG_HunterED_v1.4.0.exe
Files
-
06655bddca53ccdb99eae054ebb57a06_JaffaCakes118.rar
-
ALI213.txt
-
Crysis3+12Tr-LNG_HunterED_v1.4.0.exe.exe windows:4 windows x86 arch:x86
59c5f496a691de76a056909431f93354
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaSetSystemError
kernel32
HeapCreate
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
winmm
waveOutPrepareHeader
user32
MessageBoxA
Exports
Sections
.text Size: - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.VCrypt0 Size: - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.VCrypt1 Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
游侠网热门单机游戏.url.url