2800aad3c2abead6fbf4dc936c13bf3e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2800aad3c2abead6fbf4dc936c13bf3e_JaffaCakes118
Size

192KB
MD5

2800aad3c2abead6fbf4dc936c13bf3e
SHA1

16581216d0af03474814da0c17361cd40191212e
SHA256

17771e67effc6952654dde6064e9c339939d5c16f46b26c5ec6eb0001acd8fd9
SHA512

2c26951e38c215553c434e81329fcce27529ee1a3762c2301f02d6517b853c1b00fd2995c17965874eb2e0f54e3f4770f3251f61c82ef9ad09c6bc47568c1d0c
SSDEEP

3072:y0sUgxPKvlbzuS5Grbo0VeP7uQ5N+5SDADeak7dJHB/Aa:y0zgxiNbfGrPVePzs5SsQLH5Aa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2800aad3c2abead6fbf4dc936c13bf3e_JaffaCakes118

Files

2800aad3c2abead6fbf4dc936c13bf3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

851d724066c45208232fe5b124e9c03b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dsetup

ord11

kernel32

MultiByteToWideChar
GetStartupInfoA
WideCharToMultiByte
ReleaseMutex
GetLogicalDrives
GetDriveTypeA
CreateMutexA
GetModuleFileNameA
GlobalLock
GetVolumeInformationA
GetTickCount
GlobalFree
GlobalAlloc
GlobalMemoryStatus
GetVersionExA
GlobalHandle
Sleep
CloseHandle
GetSystemInfo
CreateFileA
LCMapStringA
ReadFile
GetStringTypeW
GetStringTypeA
GetModuleHandleA
GetLastError
LCMapStringW

user32

RegisterClassExA
BeginPaint
EndPaint
GetDC
ReleaseDC
InvalidateRect
DestroyWindow
GetSystemMetrics
CreateWindowExA
LoadAcceleratorsA
UpdateWindow
LoadIconA
SendDlgItemMessageA
EndDialog
ShowWindow
DefWindowProcA
GetClientRect
SetWindowPos
SetCursor
GetCursorPos
ScreenToClient
DialogBoxParamA
SendMessageA
SetFocus
SystemParametersInfoA
RegisterClassA
LoadCursorA
GetMessageA
TranslateAcceleratorA
PostQuitMessage
PeekMessageA
LoadStringA
DispatchMessageA
TranslateMessage
MessageBoxA

gdi32

RealizePalette
UpdateColors
DeleteObject
GetStockObject
SelectPalette
SetDIBitsToDevice
CreatePalette

msvcrt

__getmainargs
_initterm
_exit
_except_handler3
?terminate@@YAXXZ
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
??1type_info@@UAE@XZ
malloc
__p__commode
??0exception@@QAE@ABQBD@Z
fopen
_strdate
_strtime
_CxxThrowException
fprintf
fclose
??2@YAPAXI@Z
_access
_splitpath
exit
sprintf
__CxxFrameHandler
__setusermatherr
atoi
_adjust_fdiv
_XcptFilter
_acmdln
free

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

ck2

?Process@CKContext@@QAEJXZ
?GetRenderManager@CKContext@@QAEPAVCKRenderManager@@XZ
?CreateObject@CKContext@@QAEPAVCKObject@@JPADW4CK_OBJECTCREATION_OPTIONS@@PAW4CK_LOADMODE@@@Z
?CreateCKObjectArray@@YAPAVCKObjectArray@@XZ
?ResetChronos@CKTimeManager@@QAEXHH@Z
?IsPlaying@CKContext@@QAEHXZ
?GetTimeToWaitForLimits@CKTimeManager@@QAEXAAM0@Z
?SetBackgroundColor@CKScene@@QAEXK@Z
?AddRenderContext@CKLevel@@QAEXPAVCKRenderContext@@H@Z
?Clear@CKObjectArray@@QAEXXZ
?LaunchScene@CKLevel@@QAEJPAVCKScene@@W4CK_SCENEOBJECTACTIVITY_FLAGS@@W4CK_SCENEOBJECTRESET_FLAGS@@@Z
?DeleteCKObjectArray@@YAXPAVCKObjectArray@@@Z
?CKIsChildClassOf@@YAHPAVCKObject@@J@Z
?GetPluginDllInfo@CKPluginManager@@QAEPAUCKPluginDll@@H@Z
?GetPluginInfo@CKPluginManager@@QAEPAUCKPluginEntry@@HH@Z
?GetScene@CKLevel@@QAEPAVCKScene@@H@Z
?GetSceneCount@CKLevel@@QAEHXZ
?CKCloseContext@@YAJPAVCKContext@@@Z
?GetObjectA@CKContext@@QAEPAVCKObject@@K@Z
?GetObjectsCountByClassID@CKContext@@QAEHJ@Z
?GetPluginCount@CKPluginManager@@QAEHH@Z
?GetMessageManager@CKContext@@QAEPAVCKMessageManager@@XZ
?IsReseted@CKContext@@QAEHXZ
?GetTimeManager@CKContext@@QAEPAVCKTimeManager@@XZ
?SendMessageBroadcast@CKMessageManager@@QAEPAVCKMessage@@HJPAVCKBeObject@@@Z
?CKStartUp@@YAJXZ
?SendMessageSingle@CKMessageManager@@QAEPAVCKMessage@@HPAVCKBeObject@@0@Z
?GetManagerByGuid@CKContext@@QAEPAVCKBaseManager@@UCKGUID@@@Z
?CKGetPluginManager@@YAPAVCKPluginManager@@XZ
?ParsePlugins@CKPluginManager@@QAEHPAD@Z
?AddMessageType@CKMessageManager@@QAEHPAD@Z
?CKCreateContext@@YAJPAPAVCKContext@@PAXHK@Z
?SetVirtoolsVersion@CKContext@@QAEXW4CK_VIRTOOLS_VERSION@@K@Z
?GetObjectsListByClassID@CKContext@@QAEPAKJ@Z
?GetCurrentLevel@CKContext@@QAEPAVCKLevel@@XZ
?Load@CKContext@@QAEJPADPAVCKObjectArray@@W4CK_LOAD_FLAGS@@PAUCKGUID@@@Z
?GetPathManager@CKContext@@QAEPAVCKPathManager@@XZ
?AddPath@CKPathManager@@QAEHHAAVXString@@@Z
?GetFileInfo@CKContext@@QAEJPADPAUCKFileInfo@@@Z
?DestroyObject@CKContext@@QAEJKKPAVCKDependencies@@@Z
?Pause@CKContext@@QAEJXZ
?Play@CKContext@@QAEJXZ
?Reset@CKContext@@QAEJXZ
?CKShutdown@@YAJXZ
?ClearAll@CKContext@@QAEJXZ

vxmath

??1XString@@QAE@XZ
??0XString@@QAE@PBDH@Z

resdll

fillResourceMap

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

851d724066c45208232fe5b124e9c03b

Headers

File Characteristics

Imports

dsetup

kernel32

user32

gdi32

msvcrt

advapi32

ck2

vxmath

resdll

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 84KB - Virtual size: 89KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 84KB - Virtual size: 89KB

.rsrc
Size: 16KB - Virtual size: 14KB