2b47b321bd102044cf116065ed3d7fc1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b47b321bd102044cf116065ed3d7fc1_JaffaCakes118
Size

7.4MB
MD5

2b47b321bd102044cf116065ed3d7fc1
SHA1

23f787bb4cba0a284c68d5f4dba8adfa83769269
SHA256

15d2b6e4390d95c9b79e315c24ba1c78fb3e0aa371f70d97aa7590af0fb59353
SHA512

2cc06e974501dab5ace99118f695d47caa6c0b657800c760970394f59508abc209fb2dbc7da1772d76adfd832ef48ba31c32b57bfba341f76aa1ff163e8f2ae9
SSDEEP

196608:C9IuOLzXmdLiWRzDnhSch0z5I3Y+qOuW356HHjdNugZagkUHEN31dkW:kIuSz9iz9SciKzq3njdL8oExR

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/myAC1.6.2.4PRO/Client/acdev.sys
unpack001/myAC1.6.2.4PRO/Client/myAC.ex
unpack001/myAC1.6.2.4PRO/Client/myAC.exe
unpack001/myAC1.6.2.4PRO/GetMD5/GetMD5.exe
unpack001/myAC1.6.2.4PRO/SQLBan/myacbans.dll
unpack001/myAC1.6.2.4PRO/Server/myACserv.exe
unpack001/myAC1.6.2.4PRO/ServerConsole/myACsrv.exe
unpack001/myAC1.6.2.4PRO/ServerNG/myACsrvNG.exe
unpack001/myAC1.6.2.4PRO/UpdServ/UpdServ.exe
unpack001/myAC1.6.2.4PRO/UpdServ/UpdServNG.exe

Files

2b47b321bd102044cf116065ed3d7fc1_JaffaCakes118
.rar
myAC1.6.2.4PRO/Client/acdev.sys
.dll windows:4 windows x86 arch:x86

4765c2be75cfdf951edcb18cbb6f350f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwQueryInformationProcess
ObfDereferenceObject
_strlwr
RtlUnicodeStringToAnsiString
ZwClose
ObOpenObjectByPointer
PsLookupProcessByProcessId
KeQuerySystemTime
ExAllocatePool
ZwQuerySystemInformation
RtlInitUnicodeString
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
PsRemoveLoadImageNotifyRoutine
KeSetEvent
KeWaitForSingleObject
NtBuildNumber
KeServiceDescriptorTable
RtlEqualUnicodeString
_except_handler3
MmUserProbeAddress
PsGetCurrentProcessId
RtlCompareMemory
ZwQueryInformationFile
ZwReadFile
ZwOpenFile
MmUnmapIoSpace
READ_REGISTER_BUFFER_UCHAR
MmMapIoSpace
IofCompleteRequest
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
ExFreePoolWithTag
ExAllocatePoolWithTag
KeInitializeEvent
memset
memcpy

hal

KfLowerIrql
KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfRaiseIrql

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.myAC1
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
myAC1.6.2.4PRO/Client/config.ini
myAC1.6.2.4PRO/Client/help_x64.txt
myAC1.6.2.4PRO/Client/myAC.ex
.exe windows:4 windows x86 arch:x86

368e3e49caa60c6ee064142ef7f4f5b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

EnumCalendarInfoA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DispatchMessageW

advapi32

RegCloseKey

oleaut32

SafeArrayCreate

version

GetFileVersionInfoA

gdi32

Polygon

ole32

CoUninitialize

comctl32

ImageList_Replace

winspool.drv

ClosePrinter

shell32

ShellExecuteW

ntdll

RtlUnicodeStringToAnsiString

winmm

timeGetTime

Exports

Exports

�t ��M]α�AK��b�_lTA��u�36��w��Q�� D�_��?(�}Q}�l��c��lJ"�n�d�-_g� ��֗��_�� #��c�_��&��U�R��b�]��*�g�GwE��I�F�֔3�.�ߚ��k�ثQ�-:&~�0��]�K��ɵ��@(��T�at�.\�l3��fE�|rw|Am9MB��(J�K�< �A.\�ZL��j�c~۟Y��E��̣�:��@g��@ނK��#��v��5�#%2܈��ʽ3=pޜ��J&p�m�k�ۘ;��L4�� f��G(�?f��4��E� ,�� q�ff��E2DE�߬z@��SnN�.]�#��u��21 �,hFȑ�Y�;8̓�o��)�b��*l�1�΅�s �-��V��G��f�Ȱ� �џ�_-��yJ��tN�!��rr!|d�&��s��.7Sk�Rh��s�`A8��eC�}�۽3�׳ S��_ �#�#��N�w�Xn�K��K�@Zh�J��x��d�3��1nL�ͷ�+�z�fcT�*��E��i�)C�f&o5�9Us��~��c1� �K��kT-�W2�%��C4��?qo�o�Q�]=ۆ�`cYF��M��C=��@�Z� )�8b��g*��>�j�q/��IRX+;Tn��m�Z!"��jr��u��P^��>�F��E��7h3+j�s�"U��j&�#�0gц. �i��O1��!0&��c_A|�И}�[:��$]7cKIs��l��kF��F�>� ъ(fG0�fA�� %��q�x��m4@��v)!T�i��ꍪ��W��Q>Xm�N{��Xj��k�Jm�<<C� �A�}�AG�L,V��km:�/��3��]�P��`A����L��Y�0ٔ5�RT��&�N��ќ��u3��E�T91��i�t��~��E��ʉs��>��9ӣ��S�P�V"f< P��W :-P忲��䠻 ��`�e�Hx�?��w�9܆�+2�>d��n3e��o�%�z�gCI��(��.��Y�9�6&��I&t�סT��Y?��xjl��ؔ�S�㰭SK�gB5t��3Q��#�{:IM��{V��K��g��y�jӓ~�I.U94d@�L�}��D�e�k\$4��,h�B2ZLl�W��15w�[��l��!M��,��*YL�~��d�B#�G��&�~�nK�ϔ��VR"OV��0�W��s'�ԭ�2�}��l^��o�v �H��4{��T)��ԟ(��j3�k�/��Qu{��h.AS ��x�j�{��$Lil(��0�&�-��@%(h\�ptP�`i��b^�K��sf�{�f:Ti®�(��hs��"#b�tA��[N�Q"�&��橝w��mt R�Z^�m�w��:�V��&��ϫvՀ�XiU� 9� |�e��G��Swқ�meH� ��ן �?��9��΀w8dB�1�u��n��ڌ;��A�ݢ3|� y�L�m�,�<�]�;�� [oHv��~��;*�+��p㞅'Yn2��ۨI�7\��F��Ͷ�p-�d��M8[b�Y��E�v9EP�G�c��,S�֧�yϯ�T�,��R�➌k��ΦgvS� ]��u�"R�+<��tP��.h��T�9�_`�Yi�4��΢_x1)�zj�D�i��E�g�g�L��#[�\ �j�A�L;��σx��Q)zv��z��,��.Q-�WO��?�a��|�!�q��=K�tJ��DG��n�W��ּ�j�M��޲�i,?7M^U��r��|�� ]��f��#d<��ѳ�.u��ҲF��+ob��SX��+��-��{��1��>Mp�=�>y]��#Ig=�,��2�\1rKፆ��BP��]H�w^~=P}��5��)�>`lŷ�&k}_�V]�b8��眔!��#�I��Ay?��B��jE�Y_��c:��v^5EG0j��+�v/T�J%�33T-�^ѧ�� Z<[��s�U)�=��J3%��aH7�<"6K��Ow��Y�S�[�p��>g�p��ȿ'g��I��î�on�S��6��s� sXf��!��*\��_�T��`�;��&-��}��Rݾ#��*�w�Q�l�NE% If�ҷ�A��VWx��^��]<�y��1x��۳rM��v�kߔ.=� ӣ�S,��8B]En{��"D�y��k��P�L��Dٵ\&z��u>��`�y{|�Զ�fA�5��/z]�$�m6c��O�)U�So��0L"T��E<$"��<J�9�ή�|k�l�mT�o�yi�{+��)s�p(|6/��~�5��0z=�\��$��<{s�Ӻ?*��|��?�-��aB*Oj��]�(a�(6!��Ay��v8d��~�7ϕ]L�ҧ�n�� (��ǂ9?�tdp��A�X"҈i��J��?��e��a��:`?J��Ι�%�J`:��N��%LRU��&2��<)��y|��$F�ܴ�6�(q0Q 8�-ĉ �uI��D�$ 2��uT�N3�]��j,H�@_��eW"�\(m�_�z"~�v"b �T��b� ��r��To��n�b �*ۑ�s��_�Z�� Vv�\6?X` !b��И}��q��-DK��S�>X��7�w.��"@��[b%�u~�N��k ]ٟ�%'m��j��+��Gd�LХ�b��*.#zc��d��mn�8�p_��rf�E7�UTV<+�jp�C��{X��f��#�h�\��w��5��ƺ��1��6�?��f��U^�rj

Sections

CODE
Size: - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 506KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC0
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC1
Size: - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC2
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
myAC1.6.2.4PRO/Client/myAC.exe
.exe windows:4 windows x86 arch:x86

42a187fffb91fc9f0cd53926cc6e89c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LeaveCriticalSection
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

advapi32

RegCreateKeyA

oleaut32

SysReAllocStringLen

gdi32

BitBlt

ntdll

RtlNtStatusToDosError

Sections

CODE
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC1
Size: - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC2
Size: 897KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
myAC1.6.2.4PRO/GetMD5/GetMD5.cmd
myAC1.6.2.4PRO/GetMD5/GetMD5.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
myAC1.6.2.4PRO/GetMD5/ch_list.txt
myAC1.6.2.4PRO/PhpBanList_from_DB/index.php
myAC1.6.2.4PRO/PhpBanList_from_DB/myac.sql
myAC1.6.2.4PRO/SQLBan/SqlBan_src.zip
.zip
libsql/ASyncDB.pas
libsql/ModifiedArtisticLicense.txt
libsql/about.txt
libsql/changes.txt
.vbs
libsql/install.txt
libsql/jansql/changes.txt
libsql/jansql/credits.txt
libsql/jansql/janSQL.GID
libsql/jansql/janSQL.cnt
libsql/jansql/janSQL.dcu
libsql/jansql/janSQL.hlp
libsql/jansql/janSQL.pas
libsql/jansql/janSQLExpression2.dcu
libsql/jansql/janSQLExpression2.pas
libsql/jansql/janSQLTokenizer.dcu
libsql/jansql/janSQLTokenizer.pas
libsql/jansql/janSQLstrings.dcu
libsql/jansql/janSQLstrings.pas
libsql/jansql/jansql_LICENSE.TXT
libsql/jansql/jansql_samples.txt
libsql/jansql/mwStringHashList.dcu
libsql/jansql/mwStringHashList.pas
.js
libsql/libmysql.pas
.js
libsql/libodbc32.pas
.js
libsql/libpgsql.pas
libsql/libsql.pas
libsql/libsql.res
libsql/libsql_d5.res
libsql/libsql_d7.res
libsql/libsqlite.pas
.js
libsql/libsqlite3.pas
.js
libsql/libsqlversion.inc
libsql/lsdatasetbase.pas
libsql/lsdatasetquery.pas
libsql/lsdatasettable.pas
libsql/pasjansql.pas
.js
libsql/pasmysql.pas
.js
libsql/pasodbc.pas
.js
libsql/passql.pas
.js
libsql/passqlite.pas
.js
libsql/pasthreadedsqlite.pas
libsql/readme.txt
libsql/sqlcomp_nodataset.pas
libsql/sqlcomponents.pas
libsql/sqlsupport.pas
libsql/staticsqlite3.pas
libsql/utf8util.pas
libsql/vclsql.pas
.js
src/ProjectGroup1.bpg
src/TestACDB.cfg
src/TestACDB.dpr
src/TestACDB.res
src/UnitACDB.dfm
src/UnitACDB.pas
.js
src/myacbans.cfg
src/myacbans.dpr
src/myacbans.ini
src/myacbans.res
myAC1.6.2.4PRO/SQLBan/amxbans/amx_banhistory.sql
myAC1.6.2.4PRO/SQLBan/amxbans/amx_bans.sql
myAC1.6.2.4PRO/SQLBan/amxbans/plugin.zip
.zip
plugin/amxmodx/configs/amxbans.cfg
plugin/amxmodx/data/lang/amxbans.txt
plugin/amxmodx/scripting/admin_amxbans.sma
plugin/amxmodx/scripting/amxbans.sma
plugin/amxmodx/scripting/amxbans/check_player.inl
plugin/amxmodx/scripting/amxbans/cmdBan.inl
plugin/amxmodx/scripting/amxbans/cmdUnban.inl
plugin/amxmodx/scripting/amxbans/global_vars.inl
plugin/amxmodx/scripting/amxbans/init_functions.inl
plugin/amxmodx/scripting/amxbans/menu.inl
plugin/amxmodx/scripting/amxbans/search.inl
myAC1.6.2.4PRO/SQLBan/amxbans/web_new.zip
.zip
web_new/admin/add_ban.php
web_new/admin/edit_ban.php
web_new/admin/edit_ban_ex.php
web_new/ban_details.php
web_new/ban_list.php
web_new/ban_search.php
web_new/templates/add_ban.tpl
web_new/templates/ban_details.tpl
web_new/templates/ban_search.tpl
web_new/templates/edit_ban.tpl
web_new/templates/edit_ban_ex.tpl
myAC1.6.2.4PRO/SQLBan/mssql.sql
myAC1.6.2.4PRO/SQLBan/myacbans.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

BanGotoHistory
GetBanUserInfo
GetLastErrorMsg
SetBanUserInfo
dbConnect
dbDisConnect

Sections

CODE
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 197B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
myAC1.6.2.4PRO/SQLBan/myacbans.ini
myAC1.6.2.4PRO/SQLBan/mysql.sql
myAC1.6.2.4PRO/SQLBan/readme.txt
myAC1.6.2.4PRO/Server/adm_msg.txt
myAC1.6.2.4PRO/Server/config.ini
myAC1.6.2.4PRO/Server/config_pro.ini
myAC1.6.2.4PRO/Server/configs/banslist.txt
myAC1.6.2.4PRO/Server/configs/cdb.dat
myAC1.6.2.4PRO/Server/configs/cheats2.dat
.eml
myAC1.6.2.4PRO/Server/configs/cheatslist.txt
myAC1.6.2.4PRO/Server/configs/for_HL2.zip
.zip
for_HL2/cdb.dat
for_HL2/cheatslist.txt
myAC1.6.2.4PRO/Server/configs/gamefiles.txt
myAC1.6.2.4PRO/Server/configs/hl2data.dat
myAC1.6.2.4PRO/Server/logfile_help.txt
myAC1.6.2.4PRO/Server/myACserv.exe
.exe windows:4 windows x86 arch:x86

63a887f12cabcdcc7e136c032719ad4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetFileAttributesA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatA

advapi32

RegCloseKey

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

ExtTextOutA

ole32

CoUninitialize

comctl32

ImageList_GetBkColor

shell32

ShellExecuteA

Sections

CODE
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 31KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC0
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC1
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC2
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
myAC1.6.2.4PRO/Server/registration.txt
myAC1.6.2.4PRO/Server/rus_xp.reg
myAC1.6.2.4PRO/Server/www.myac.msk.ru.url
myAC1.6.2.4PRO/ServerConsole/info.txt
myAC1.6.2.4PRO/ServerConsole/myACsrv.exe
.exe windows:4 windows x86 arch:x86

bac2910d0ea7bb3c7736d7f58e1e352f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType

advapi32

RegCloseKey

oleaut32

SysReAllocStringLen

Sections

CODE
Size: - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC1
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC2
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
myAC1.6.2.4PRO/ServerNG/config.ini
myAC1.6.2.4PRO/ServerNG/info.txt
myAC1.6.2.4PRO/ServerNG/myACsrvNG.exe
.exe windows:4 windows x86 arch:x86

f158ec9cecd0aaf6e6cfd884144da2ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

FileTimeToLocalFileTime
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharNextA

advapi32

RegQueryValueExA

oleaut32

VariantClear

wsock32

listen

ws2_32

WSAIoctl

Sections

CODE
Size: - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC1
Size: - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC2
Size: 785KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
myAC1.6.2.4PRO/UpdServ/UpdServ.exe
.exe windows:4 windows x86 arch:x86

b6cce7cf405be2a7b4b32ec4cb77777a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

GetKeyboardType
MessageBoxA

advapi32

RegQueryValueExA

oleaut32

SysFreeString

Sections

CODE
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC1
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC2
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
myAC1.6.2.4PRO/UpdServ/UpdServNG.exe
.exe windows:4 windows x86 arch:x86

66d9432e0a1b5e36228593c994b0bda0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Sleep
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PeekMessageA

advapi32

RegQueryValueExA

oleaut32

VariantClear

wsock32

listen

ws2_32

getaddrinfo

Sections

CODE
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myAC1
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.myAC2
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
myAC1.6.2.4PRO/UpdServ/logs/upds_20110314.log
myAC1.6.2.4PRO/UpdServ/readme.txt
myAC1.6.2.4PRO/amxx/HL1/by_CLLlAgOB/new/Dedicated-Server_RU - myAC Plugin.htm
.html
myAC1.6.2.4PRO/amxx/HL1/by_CLLlAgOB/new/myac_shadow_v4.6.rar
.rar
configs/myac.cfg
configs/whitelist.txt
data/helpmyac.txt
models/pingvin.mdl
myachelp.sma
plugins/myachelp.amxx
myAC1.6.2.4PRO/amxx/HL1/by_CLLlAgOB/new/myac_shadow_v4.7.rar
.rar
myac/configs/myac.cfg
myac/configs/whitelist.txt
myac/data/helpmyac.txt
myac/models/pingvin.mdl
myac/myachelp.sma
myac/plugins/myachelp.amxx
myAC1.6.2.4PRO/amxx/HL1/by_CLLlAgOB/new/myac_shadow_v4.7_no_model.rar
.rar
myac no model/configs/myac.cfg
myac no model/configs/whitelist.txt
myac no model/data/helpmyac.txt
myac no model/myachelp.sma
myac no model/plugins/myachelp.amxx
myAC1.6.2.4PRO/amxx/HL1/by_CLLlAgOB/old/amxmodx.rar
.rar
myAC1.6.2.4PRO/amxx/HL1/by_CLLlAgOB/old/readme.txt
myAC1.6.2.4PRO/amxx/HL1/standart/compile_myac.sh
.sh linux
myAC1.6.2.4PRO/amxx/HL1/standart/myac.amxx
myAC1.6.2.4PRO/amxx/HL1/standart/myac.sma
myAC1.6.2.4PRO/amxx/HL1/standart/whitelist.txt
myAC1.6.2.4PRO/amxx/HL2/by_CLLlAgOB/about.txt
myAC1.6.2.4PRO/amxx/HL2/by_CLLlAgOB/myac_tem_lock.rar
.rar
myAC1.6.2.4PRO/amxx/HL2/by_name/about.txt
myAC1.6.2.4PRO/amxx/HL2/by_name/sm_myac.zip
.zip
myAC1.6.2.4PRO/changes.txt
myAC1.6.2.4PRO/faq_myac.html
myAC1.6.2.4PRO/help_x64.txt
myAC1.6.2.4PRO/inno_setup/myac_setup.iss
myAC1.6.2.4PRO/inno_setup/readme.txt
myAC1.6.2.4PRO/readme.txt

Sharing

General

Malware Config

Signatures

Files

4765c2be75cfdf951edcb18cbb6f350f

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 512B - Virtual size: 508B

.data Size: 512B - Virtual size: 328B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 176B

.myAC0 Size: 1KB - Virtual size: 1KB

.myAC1 Size: 150KB - Virtual size: 150KB

.reloc Size: 1KB - Virtual size: 1KB

368e3e49caa60c6ee064142ef7f4f5b0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

winspool.drv

shell32

ntdll

winmm

Exports

Exports

Sections

CODE Size: - Virtual size: 1004KB

DATA Size: - Virtual size: 31KB

BSS Size: - Virtual size: 506KB

.idata Size: - Virtual size: 12KB

.tls Size: - Virtual size: 1KB

.rdata Size: - Virtual size: 24B

.myAC0 Size: - Virtual size: 66KB

.rsrc Size: 31KB - Virtual size: 142KB

.myAC1 Size: - Virtual size: 726KB

.myAC2 Size: 1.5MB - Virtual size: 1.5MB

42a187fffb91fc9f0cd53926cc6e89c3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

ntdll

Sections

CODE Size: - Virtual size: 51KB

DATA Size: - Virtual size: 1KB

BSS Size: - Virtual size: 7KB

.idata Size: - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: - Virtual size: 24B

.myAC0 Size: - Virtual size: 4KB

.rsrc Size: 28KB - Virtual size: 460KB

.myAC1 Size: - Virtual size: 429KB

.myAC2 Size: 897KB - Virtual size: 896KB

Headers

File Characteristics

Sections

CODE Size: 73KB - Virtual size: 72KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 512B - Virtual size: 508B

.data
Size: 512B - Virtual size: 328B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 176B

.myAC0
Size: 1KB - Virtual size: 1KB

.myAC1
Size: 150KB - Virtual size: 150KB

.reloc
Size: 1KB - Virtual size: 1KB

CODE
Size: - Virtual size: 1004KB

DATA
Size: - Virtual size: 31KB

BSS
Size: - Virtual size: 506KB

.idata
Size: - Virtual size: 12KB

.tls
Size: - Virtual size: 1KB

.rdata
Size: - Virtual size: 24B

.myAC0
Size: - Virtual size: 66KB

.rsrc
Size: 31KB - Virtual size: 142KB

.myAC1
Size: - Virtual size: 726KB

.myAC2
Size: 1.5MB - Virtual size: 1.5MB

CODE
Size: - Virtual size: 51KB

DATA
Size: - Virtual size: 1KB

BSS
Size: - Virtual size: 7KB

.idata
Size: - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: - Virtual size: 24B

.myAC0
Size: - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 460KB

.myAC1
Size: - Virtual size: 429KB

.myAC2
Size: 897KB - Virtual size: 896KB

CODE
Size: 73KB - Virtual size: 72KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

CODE
Size: 170KB - Virtual size: 169KB

DATA
Size: 2KB - Virtual size: 2KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 197B

.reloc
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 6KB

CODE
Size: - Virtual size: 796KB

DATA
Size: - Virtual size: 15KB

BSS
Size: - Virtual size: 31KB

.idata
Size: - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: - Virtual size: 24B

.myAC0
Size: - Virtual size: 55KB

.rsrc
Size: 32KB - Virtual size: 156KB

.myAC1
Size: - Virtual size: 492KB

.myAC2
Size: 1.1MB - Virtual size: 1.1MB

CODE
Size: - Virtual size: 245KB

DATA
Size: - Virtual size: 8KB

BSS
Size: - Virtual size: 21KB

.idata
Size: - Virtual size: 3KB

.tls
Size: - Virtual size: 12B

.rdata
Size: - Virtual size: 24B

.myAC0
Size: - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 12KB

.myAC1
Size: - Virtual size: 432KB

.myAC2
Size: 652KB - Virtual size: 652KB

CODE
Size: - Virtual size: 266KB