3c4f14e6e8833839fc0b3a1444245a78_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c4f14e6e8833839fc0b3a1444245a78_JaffaCakes118
Size

4.4MB
MD5

3c4f14e6e8833839fc0b3a1444245a78
SHA1

febf148499ffaeb46f8d9a3a6dfbfb469ce36f31
SHA256

ad4450fc5676e7e11b476f602631533b447acbce1affd20cd6962d8e0cb42b39
SHA512

3737e9dc4272db3a4c9446ea1d7958a5aae3cbdc9905b0c15e9b698f251b9b6f4a802849bf54fe8fd982b5d5d5bfd52081973dc46ee956b3a5f4f27b514d1aa3
SSDEEP

98304:i/RkwX8o3pErz7tDgQf3tAU0m4NIcBlw3sb:i/RBQz7JvA3ugPb

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TLGAME.dat
unpack001/Updater.NEW

Files

3c4f14e6e8833839fc0b3a1444245a78_JaffaCakes118
.zip
Resource/Client/Tooltipinfo.bin
TLGAME.dat
.exe windows:4 windows x86 arch:x86

7bd15c233b3dc7727769d861df143ca2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

j:\komso\MHSource(大馬最新源碼已修復攻擊漏洞)\Obj\MHClient\MHClient___Win32_Semi_Release\MHClient-Connect.pdb

Imports

soundlib

CreateSoundLib

imm32

ImmGetContext
ImmSetOpenStatus
ImmReleaseContext
ImmNotifyIME
ImmGetDefaultIMEWnd

winmm

timeGetTime

ss3dgfunc

_COLORtoDWORD@16
_CrossProduct@12
_Normalize@8
_VECTOR3Length@4
_TransformVector3_VPTR2@16
_MatrixMultiply2@12
_TransformV3TOV4@16
_SetInverseMatrix@8
_WriteTGA@24
_RotatePositionWithPivot@24
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_CalcDistance@8

wsock32

gethostbyname
inet_addr
sendto
WSAGetLastError
setsockopt
WSACleanup
WSAStartup
recvfrom

dinput8

DirectInput8Create

ws2_32

WSASocketA

kernel32

WriteConsoleA
GetLocaleInfoW
SetStdHandle
GetFileAttributesA
CreateProcessA
GetExitCodeProcess
RtlUnwind
WriteConsoleW
GetStringTypeW
GetStringTypeA
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
CreateDirectoryA
CloseHandle
GetLastError
CreateFileMappingA
FileTimeToSystemTime
GetCurrentDirectoryA
GetWindowsDirectoryA
SetUnhandledExceptionFilter
lstrcpynA
GetModuleFileNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
lstrcatA
GetProcAddress
LoadLibraryA
lstrcpyA
FormatMessageA
GetModuleHandleA
IsBadReadPtr
CreateSemaphoreA
ReleaseSemaphore
HeapFree
GetProcessHeap
WaitForMultipleObjects
GetSystemTimeAsFileTime
HeapAlloc
CreateEventA
GetLocalTime
IsDBCSLeadByte
GetTickCount
lstrlenA
MulDiv
CopyFileA
OutputDebugStringA
FreeLibrary
lstrcmpA
ReadFile
WriteFile
GlobalFree
GetFileType
GlobalLock
GlobalAlloc
GetSystemTime
Process32Next
GetConsoleOutputCP
CreateToolhelp32Snapshot
SetCurrentDirectoryA
GetFileSize
Sleep
SetEvent
OpenFile
WaitForSingleObject
ResetEvent
OpenEventA
GlobalAddAtomA
LocalFree
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FatalAppExitA
SetFilePointer
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
VirtualQuery
LeaveCriticalSection
HeapSize
LoadLibraryW
SetConsoleCtrlHandler
SetHandleCount
GetCurrentThread
SetLastError
CreateThread
ExitThread
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoA
GetVersionExA
GetCommandLineA
ExitProcess
GetTimeZoneInformation
SetEndOfFile
InterlockedCompareExchange
MultiByteToWideChar
TlsAlloc
TlsFree
TlsGetValue
GetSystemInfo
CompareStringA
CompareStringW
TlsSetValue
ResumeThread
EnterCriticalSection
DeleteCriticalSection
DebugBreak
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RaiseException
SystemTimeToFileTime
SetWaitableTimer
Process32First
CreateWaitableTimerA
GetStdHandle
GlobalUnlock
SetEnvironmentVariableA
InitializeCriticalSection
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetModuleFileNameW

user32

SendMessageA
wsprintfA
DispatchMessageA
TranslateMessage
PeekMessageA
RegisterHotKey
UnregisterHotKey
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetClipboardData
GetActiveWindow
FindWindowA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharNextA
GetDC
ReleaseDC
OffsetRect
SetCursor
LoadCursorFromFileA
CopyRect
GetClientRect
PostMessageA
CharPrevA
SetRect
EndDialog
DefWindowProcA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
ShowCursor
LoadIconA
RegisterClassExA
MessageBoxA

gdi32

AddFontResourceA
DeleteObject
GetTextExtentPoint32A
SelectObject
CreateFontIndirectA
GetStockObject
GetDeviceCaps

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize

freeimage

_FreeImage_SaveJPEG@12
_FreeImage_Load@12
_FreeImage_GetBits@4
_FreeImage_GetInfo@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Unload@4

shlwapi

PathFileExistsA

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 672KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Updater.NEW
.exe windows:5 windows x86 arch:x86

2054eb2db5eb8c0f9cd339578f4e4b6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW

Sections

Size: 1.0MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 856KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ezpffimp
Size: 969KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bqpwmbpp
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
image/ftwrk.lex

Sharing

General

Malware Config

Signatures

Files

7bd15c233b3dc7727769d861df143ca2

Headers

File Characteristics

PDB Paths

Imports

soundlib

imm32

winmm

ss3dgfunc

wsock32

dinput8

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

freeimage

shlwapi

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 380KB - Virtual size: 378KB

.data Size: 672KB - Virtual size: 1.1MB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 24KB - Virtual size: 22KB

2054eb2db5eb8c0f9cd339578f4e4b6d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

Size: 1.0MB - Virtual size: 2.3MB

.rsrc Size: 856KB - Virtual size: 1.1MB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 1.2MB

ezpffimp Size: 969KB - Virtual size: 972KB

bqpwmbpp Size: 512B - Virtual size: 4KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 380KB - Virtual size: 378KB

.data
Size: 672KB - Virtual size: 1.1MB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 24KB - Virtual size: 22KB

.rsrc
Size: 856KB - Virtual size: 1.1MB

.idata
Size: 512B - Virtual size: 4KB

ezpffimp
Size: 969KB - Virtual size: 972KB

bqpwmbpp
Size: 512B - Virtual size: 4KB