13710924a52a8a8ad17fd7cc24f2b802_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13710924a52a8a8ad17fd7cc24f2b802_JaffaCakes118
Size

249KB
MD5

13710924a52a8a8ad17fd7cc24f2b802
SHA1

2aa763650c94bf07efda7f2532a6f4d2b3949a4f
SHA256

43f8cdb0a49dc1d7432afe6624ee806c1b639482cb1f82b41b3156625740ac3d
SHA512

c22a5ef219fcd691623b9a3d8e3828933a1d43b552d2aaeeae9a783294cff2aad57b872d1b33578fa5f2c35c6fa03ae9cf67ab75c574cb2873576d4c1332e787
SSDEEP

3072:fEaLrb4MDLt6EryT8FC2E0G5N7gYEmOfuq8sRnp8U01R62aJwtOI9CV4iiaouxXp:frMMPtFvWrGTbjYb62GVei9NPOY

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/d3nv.dll	acprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/d3nv.dll
unpack001/Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/d3nvFL.dll

Files

13710924a52a8a8ad17fd7cc24f2b802_JaffaCakes118
.rar
Skyrim.MmangLuanzaoENB.mod/下载说明.txt
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/antilag.cfg
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/d3nv.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
Detoured
Direct3DCreate9

Sections

CODE
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/d3nvFL.dll
.dll windows:4 windows x86 arch:x86

0bf585deaa79bda9d822fb7f081891ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Pelit\Silent Hunter 5\d3d9.pdb

Imports

kernel32

LeaveCriticalSection
OutputDebugStringA
GetTickCount
InitializeCriticalSection
EnterCriticalSection
FreeLibrary
VirtualProtectEx
GetCommandLineA
LoadLibraryA
QueryPerformanceFrequency
OpenProcess
QueryPerformanceCounter
GetPrivateProfileIntA
CloseHandle
GetCurrentProcessId
Sleep
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

user32

GetKeyState
MessageBoxA

msvcr80

fclose
fwrite
strstr
exit
sscanf
_vsnprintf
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
fopen
getenv
strncpy
sprintf
fputc
strncmp

Exports

Exports

CheckFullscreen
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
DebugSetLevel
DebugSetMute
Direct3DCreate9
Direct3DShaderValidatorCreate9
PSGPError
PSGPSampleTexture
ValidatePixelShader
ValidateVertexShader
_Direct3DCreate9@4

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/effect.txt
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/enbbloom.fx
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/enbeffect.fx
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/enbeffectprepass.fx
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/enbpalette.bmp
Skyrim.MmangLuanzaoENB.mod/忙忙の乱造/enbseries.ini
Skyrim.MmangLuanzaoENB.mod/游民星空 Gamersky.com.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: - Virtual size: 316KB

DATA Size: 196KB - Virtual size: 196KB

.rsrc Size: 2KB - Virtual size: 4KB

0bf585deaa79bda9d822fb7f081891ea

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcr80

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 428B

.reloc Size: 1KB - Virtual size: 1KB

CODE
Size: - Virtual size: 316KB

DATA
Size: 196KB - Virtual size: 196KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 428B

.reloc
Size: 1KB - Virtual size: 1KB