Static task
static1
Behavioral task
behavioral1
Sample
0843d53ca846a55bd06f914c3ca698a0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0843d53ca846a55bd06f914c3ca698a0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
0843d53ca846a55bd06f914c3ca698a0_JaffaCakes118
-
Size
636KB
-
MD5
0843d53ca846a55bd06f914c3ca698a0
-
SHA1
3957475514d7e956c7f8d4fd621000ab7cf91ac3
-
SHA256
b0c0e0087e98550c27e29dcb16c2bb5f3df08947dfa27042de796823a3c3e0f1
-
SHA512
20458bd1beae829914eb0a796b085b4402a7071e7de02110f0461eaeeb05c793bee3a0b723ce1af47316d43e8561f611ff0882f818d6e0056c7578498d53f333
-
SSDEEP
6144:/NJg3vlfrq4D17UH4XPdBAAd9bftF92Swkmw82zMzNr1aLsn5L4rJZ2WBGv+DcX1:vg/lfd76ePdB7lF91sf2I5ZGls
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Rule description: the PE carries no Authenticode signature. On its own this is a weak indicator — a great deal of legitimate software is also unsigned — so weigh it together with the import table below, where kernel32 exports CreateProcessA, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread and ResumeThread appear (an API set consistent with writing and executing code in another process) alongside the ws2_32 socket imports and dbghelp's MiniDumpWriteDump. No signature rule on this report covers those imports, so they need manual review rather than being treated as cleared.
resource 0843d53ca846a55bd06f914c3ca698a0_JaffaCakes118
Files
-
0843d53ca846a55bd06f914c3ca698a0_JaffaCakes118.exe windows:4 windows x86 arch:x86
78a4230b1ed2ca973ec3ce48b7e57aa1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
gethostbyname
inet_addr
htons
inet_ntoa
ioctlsocket
sendto
recvfrom
accept
bind
listen
ntohs
WSACleanup
connect
WSAGetLastError
recv
send
closesocket
setsockopt
WSAStartup
socket
winmm
PlaySoundA
zlib1
compress
uncompress
mfc42
ord6856
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord1776
ord2385
ord5281
ord3748
ord1725
ord5260
ord6614
ord6691
ord4432
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord3663
ord6514
ord808
ord2414
ord2725
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord356
ord540
ord4224
ord3571
ord6055
ord4396
ord5290
ord3572
ord567
ord609
ord4275
ord1641
ord2452
ord1146
ord2379
ord2567
ord283
ord6880
ord2859
ord2574
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord3574
ord3402
ord3721
ord1168
ord6478
ord324
ord2289
ord2370
ord2301
ord2302
ord4234
ord665
ord1979
ord6385
ord5186
ord354
ord5572
ord2915
ord5442
ord3874
ord3092
ord6334
ord6803
ord6199
ord4710
ord5981
ord755
ord470
ord3706
ord6215
ord2642
ord535
ord5280
ord656
ord3619
ord2818
ord2764
ord3573
ord3797
ord6172
ord815
ord2860
ord5875
ord5787
ord3911
ord6267
ord2564
ord3817
ord5926
ord640
ord5785
ord1640
ord323
ord4299
ord613
ord289
ord2243
ord472
ord2358
ord384
ord686
ord6778
ord2453
ord4202
ord536
ord2405
ord2614
ord5781
ord6453
ord6845
ord641
ord818
ord501
ord5600
ord1233
ord5788
ord1083
ord2086
ord2233
ord4133
ord4297
ord2776
ord2864
ord5607
ord3303
ord3287
ord6008
ord4000
ord1816
ord2582
ord4402
ord3370
ord3640
ord693
ord2862
ord3318
ord3319
ord3178
ord3996
ord4284
ord6907
ord3301
ord2763
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord6007
ord6134
ord3876
ord3771
ord6663
ord3283
ord3258
ord1705
ord430
ord1269
ord326
ord6217
ord6241
ord3998
ord5856
ord5583
ord3286
ord6874
ord1576
ord3708
ord781
ord2096
ord4148
ord6876
ord6905
ord940
ord6877
ord6662
ord6136
ord3499
ord2515
ord355
ord6696
ord3790
ord6597
ord6800
ord465
ord3698
ord3396
ord3731
ord2455
ord6743
ord6515
ord3610
ord521
ord6307
ord4167
ord518
ord5773
ord3789
ord6779
ord4476
ord3452
ord810
ord6605
ord3296
ord3398
ord3733
ord3763
ord3873
ord3324
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord6812
ord6815
ord6816
ord6858
ord6846
ord6839
ord6814
ord6847
ord6867
ord6859
ord6832
ord6855
ord6823
ord6857
ord6807
ord6591
ord6650
ord3626
ord5683
ord4129
ord5710
ord3953
ord1134
ord5943
ord2621
ord1105
ord2514
ord795
ord616
ord1200
ord537
ord941
ord924
ord800
ord860
ord922
ord858
ord3811
ord2820
ord926
ord939
ord1949
ord765
ord4274
ord4673
ord773
ord823
ord5789
msvcrt
_itoa
_ecvt
_setmbcp
__CxxFrameHandler
exit
rename
sprintf
atoi
atof
printf
rand
srand
time
_i64toa
_ftol
_atoi64
_stricmp
_strnicmp
free
malloc
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_access
kernel32
GetModuleHandleA
GetWindowsDirectoryA
lstrlenA
GetProcAddress
GetFileAttributesA
GetTickCount
FlushViewOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetVersionExA
GetFileSize
CreateProcessA
ResumeThread
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
TerminateProcess
lstrcmpA
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
GetLastError
OpenMutexA
SetUnhandledExceptionFilter
GetModuleFileNameA
DeleteFileA
LoadLibraryA
Sleep
FreeLibrary
GetPrivateProfileStringA
CreateDirectoryA
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexA
GetStartupInfoA
user32
OffsetRect
DrawTextA
DrawFocusRect
GetWindowLongA
SetWindowLongA
FindWindowA
IsWindowVisible
SetWindowPos
HideCaret
IsZoomed
IsWindow
GetWindowDC
FrameRect
CopyRect
GetFocus
FlashWindow
GrayStringA
RemoveMenu
LoadMenuA
GetSubMenu
GetWindowRect
DestroyIcon
PostMessageA
GetParent
PtInRect
ReleaseCapture
SetCapture
GetCapture
CopyIcon
CloseWindow
UpdateWindow
SetForegroundWindow
TabbedTextOutA
InflateRect
ReleaseDC
GetDC
DrawIconEx
GetSysColor
RedrawWindow
InvalidateRgn
GetCursorPos
IsRectEmpty
OpenClipboard
InvalidateRect
LoadBitmapA
MessageBoxA
EnableWindow
GetMenuItemCount
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursor
SetRect
LoadCursorA
SetTimer
FillRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
KillTimer
LoadIconA
LoadImageA
gdi32
GetObjectA
SetTextColor
CreateSolidBrush
BitBlt
CreateFontIndirectA
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateDCA
GetPixel
Rectangle
GetStockObject
GetDeviceCaps
GetTextExtentPoint32A
GetTextMetricsA
CombineRgn
CreateRectRgnIndirect
GetCurrentObject
CreateFontA
DeleteObject
PtInRegion
LineTo
MoveToEx
CreatePen
ExtTextOutA
SetBkColor
SetBkMode
StretchBlt
CreateBitmap
PtVisible
RectVisible
TextOutA
Escape
CreateRoundRectRgn
CreateCompatibleDC
FrameRgn
FillRgn
advapi32
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
shell32
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetFileInfoA
ShellExecuteA
DragQueryFileA
comctl32
ImageList_ReplaceIcon
_TrackMouseEvent
ord17
ole32
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
oleaut32
VariantClear
SysFreeString
SysAllocString
SysStringLen
msvcirt
?close@ofstream@@QAEXXZ
??1ios@@UAE@XZ
??1ofstream@@UAE@XZ
??6ostream@@QAEAAV0@PBD@Z
?open@ofstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??0ofstream@@QAE@XZ
??_Dofstream@@QAEXXZ
msvcp60
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Xlen@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
viewctrler
?SethShareFrameDlg@CViewCtrler@@SAXPAUHWND__@@@Z
?ShowShareFrameDlgMask@CViewCtrler@@SAX_NPAUHWND__@@@Z
?SethMainFrame@CViewCtrler@@SAXPAUHWND__@@@Z
?m_hShareFrameDlg@CViewCtrler@@2PAUHWND__@@A
?FlushSHarePoint@CViewCtrler@@SAXH@Z
?ChangeShareFrameDlgMaskText@CViewCtrler@@SAXPADPAUHWND__@@@Z
?ChangeUpLoadList@CViewCtrler@@SAX_NPAX@Z
?SethLoginDlg@CViewCtrler@@SAXPAUHWND__@@@Z
?SethDownLoadingFileListDlg@CViewCtrler@@SAXPAUHWND__@@@Z
?SethHallDlg@CViewCtrler@@SAXPAUHWND__@@@Z
?AddFileListItem@CViewCtrler@@SAXPAXPAUHWND__@@@Z
dbghelp
MiniDumpWriteDump
4thauditer
?getAuditStat@@YGHPBD@Z
?sendChangeAdtFile@@YGHPBDD_J0@Z
?addSharePath@@YGXPBD@Z
?init4thAuditer@@YG_NPBDPAUsockaddr_in@@00HH@Z
?setFunctions@@YGXP6A_NPBD_J0@Z@Z
?sendSetAdtFile@@YGHPBDD@Z
?sendGetWaitAdtFileList@@YGHPBD@Z
?stopAdtCreate@@YGXPBD@Z
?connAndGetMsg@@YGHXZ
?readyShareList@@YGPAVCBaseList@@PBDDD@Z
?setAuditStat@@YG_NPBD0_JD@Z
netapi32
Netbios
war3hook
SetPlayerInfo
GetStartMode
StartWarResultClient
SetLV
SetID
SetStartMode
SetText
4thmd5
?file4thMD5@@YG_NPADHPBD@Z
ipmsgsenderdll
?start@@YGXPADKK@Z
4thgamehook
?Start@@YGHKKGKPAVCBaseList@@PAI@Z
Sections
.text Size: 288KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 264KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ