PDB path: D:\Gh\D3D Hacks\Base2\Le base\Release\Hook.pdb
Static task
static1
Behavioral task
behavioral1
Sample
PerX.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PerX.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
warface_simple_hook_v1_4_by_ac1d.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
warface_simple_hook_v1_4_by_ac1d.dll
Resource
win10v2004-20241007-en
General
-
Target
3adef3ffc6c77f97a6f90dd104ae30a3_JaffaCakes118
-
Size
288KB
-
MD5
3adef3ffc6c77f97a6f90dd104ae30a3
-
SHA1
2a7f5b899e2071038c67f6edc3973af85e61860d
-
SHA256
a3c5a5e5a21dfe1f420d4b17b3bff4e9cf416c482f6d1af1e137f38b77688d9b
-
SHA512
d7478a45504a14448a636eb51d8cebf178511828ce6020121267072d79535728b86106894d6c9a278d0a4f4b4b60cf6f91bd084181638be646855202d2d95b73
-
SSDEEP
6144:xidoICUWqQEJCQuh9HxygXqv5T+gS0XMdjRHMxS77KAU2rQ:xwo3UFCQJe/gSVBRbKAU20
Malware Config
Signatures
-
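Unsigned PE (2 IoCs)
Checks for a missing Authenticode signature. Neither PE unpacked from the archive is signed; on its own this is a weak indicator and should be weighed together with the import tables and section layout listed under Files.
Resources: unpack001/PerX.exe, unpack001/warface_simple_hook_v1_4_by_ac1d.dll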
Files
-
3adef3ffc6c77f97a6f90dd104ae30a3_JaffaCakes118.rar
-
PerX.exe.exe windows:4 windows x86 arch:x86
94400fe3e62cd2376124312fe435b8e4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
UpdateWindow
TranslateMessage
ShowWindow
SendMessageA
RegisterClassExA
PostQuitMessage
MessageBoxA
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA
kernel32
GetModuleHandleA
HeapAlloc
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
WriteFile
SizeofResource
SetFileAttributesA
RtlMoveMemory
LockResource
LoadResource
LoadLibraryA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GlobalFree
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
HeapFree
shlwapi
PathFindFileNameA
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 330KB - Virtual size: 329KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
PerX.ini
-
warface_simple_hook_v1_4_by_ac1d.dll.dll windows:5 windows x86 arch:x86
8e5555c19c5e062da9549f0fdbcd0c9c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Gh\D3D Hacks\Base2\Le base\Release\Hook.pdb
Imports
kernel32
VirtualProtect
GetModuleHandleA
ExitProcess
Sleep
CreateThread
VirtualAlloc
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
user32
ScreenToClient
SetRect
VkKeyScanA
keybd_event
GetAsyncKeyState
GetCursorPos
GetForegroundWindow
shell32
ShellExecuteA
msvcp100
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_BADOFF@std@@3_JB
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Xlength_error@std@@YAXPBD@Z
msvcr100
_CIsqrt
memmove
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_CIsin
memset
malloc
sprintf
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
fgetc
fputc
ungetc
_lock_file
_unlock_file
fflush
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
setvbuf
memcpy_s
fwrite
fgetpos
_fseeki64
fsetpos
fclose
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_CIcos
memcpy
??3@YAXPAX@Z
d3dx9_32
D3DXCreateFontA
D3DXAssembleShader
Exports
InitSpeed
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ