458ffc95fb2fd4ff90e985b18e16c53b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

458ffc95fb2fd4ff90e985b18e16c53b_JaffaCakes118
Size

3.7MB
MD5

458ffc95fb2fd4ff90e985b18e16c53b
SHA1

261e6026091de6f76cfdceb437dcf52869f40ec2
SHA256

d5e6f571a9a27b3827ff6a907503f5393571e93ae56311922ccf4fa8582a362d
SHA512

718350be7bf1b8cd9ae4727a6788bfd5412c5f8c56fe5ebb213fe98add7cf3be8df28e62edf3e4d67d60e2b3105265ba83055e0b785582b3095346ec005ba9a2
SSDEEP

98304:8AJWNkKRF7YpI4R3hEOXsNUHmIOoUBO6Bzm32y9kvYRgGjo:u9RH4UNUFOT3BzmxkvYRbk

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/patch/Updater.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/patch/Updater.exe
unpack002/out.upx
unpack001/patch/system/ALAudio.dll
unpack001/patch/system/L2.exe
unpack001/patch/system/bfishy.dll

Files

458ffc95fb2fd4ff90e985b18e16c53b_JaffaCakes118
.rar
patch/Updater.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 693KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 587KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 918KB - Virtual size: 918KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
patch/system/ALAudio.dll
.dll windows:4 windows x86 arch:x86

8e42d296e9fe242e90224190b6a790ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

core

?GMalloc@@3PAVFMalloc@@A
?StaticAllocateObject@UObject@@SAPAV1@PAVUClass@@PAV1@VFName@@K1PAVFOutputDevice@@11@Z
?GError@@3PAVFOutputDeviceError@@A
??1FString@@QAE@XZ
??0FString@@QAE@ABV0@@Z
??4FString@@QAEAAV0@ABV0@@Z
?Add@FArray@@QAEHHH@Z
??1FArray@@QAE@XZ
?Realloc@FArray@@IAEXH@Z
?Remove@FArray@@QAEXHHH@Z
?appFailAssert@@YAXPBD0H@Z
?ConditionalDestroy@UObject@@QAEHXZ
?QueryInterface@UObject@@UAGKABVFGuid@@PAPAX@Z
?AddRef@UObject@@UAGKXZ
?Release@UObject@@UAGKXZ
?ProcessEvent@UObject@@UAEXPAVUFunction@@PAX1@Z
?ProcessDelegate@UObject@@UAEXVFName@@PAUFScriptDelegate@@PAX2@Z
?ProcessState@UObject@@UAEXM@Z
?ProcessRemoteFunction@UObject@@UAEHPAVUFunction@@PAXPAUFFrame@@@Z
?Modify@UObject@@UAEXXZ
?PostLoad@UObject@@UAEXXZ
?IsPendingKill@UObject@@UAEHXZ
?GotoState@UObject@@UAE?AW4EGotoState@@VFName@@@Z
?GotoLabel@UObject@@UAEHVFName@@@Z
?InitExecution@UObject@@UAEXXZ
?CallFunction@UObject@@UAEXAAUFFrame@@QAXPAVUFunction@@@Z
?ScriptConsoleExec@UObject@@UAEHPBGAAVFOutputDevice@@PAV1@@Z
?Register@UObject@@UAEXXZ
?LanguageChange@UObject@@UAEXXZ
?ClearL2Game@UObject@@UAEXXZ
?Rename@UObject@@UAEXPBGPAV1@@Z
?NetDirty@UObject@@UAEXPAVUProperty@@@Z
?IsLoaded@UObject@@UAEHXZ
?Tick@USubsystem@@UAEXM@Z
??4UObject@@QAEAAV0@ABV0@@Z
??3UObject@@SAXPAXI@Z
?GObjObjects@UObject@@1V?$TArray@PAVUObject@@@@A
?appUnwindf@@YAXPBGZZ
??0UFloatProperty@@QAE@W4ECppProperty@@HPBGK@Z
?PrivateStaticClass@UFloatProperty@@0VUClass@@A
??0UIntProperty@@QAE@W4ECppProperty@@HPBGK@Z
?PrivateStaticClass@UIntProperty@@0VUClass@@A
??0UBoolProperty@@QAE@W4ECppProperty@@HPBGK@Z
?PrivateStaticClass@UBoolProperty@@0VUClass@@A
??0FName@@QAE@PBGW4EFindName@@@Z
?PostLoad@UField@@UAEXXZ
?Destroy@UObject@@UAEXXZ
?Serialize@UBoolProperty@@UAEXAAVFArchive@@@Z
?ShutdownAfterError@UObject@@UAEXXZ
?PostEditChange@UObject@@UAEXXZ
?Register@UField@@UAEXXZ
?AddCppProperty@UField@@UAEXPAVUProperty@@@Z
?MergeBools@UField@@UAEHXZ
?Bind@UField@@UAEXXZ
?GetOwnerClass@UField@@UAEPAVUClass@@XZ
?GetPropertiesSize@UField@@UAEHXZ
?CleanupDestroyed@UProperty@@UBEXPAE@Z
?Link@UBoolProperty@@UAEXAAVFArchive@@PAVUProperty@@@Z
?Identical@UBoolProperty@@UBEHPBX0@Z
?ExportCpp@UProperty@@UBEXAAVFOutputDevice@@HHHH@Z
?ExportCppItem@UBoolProperty@@UBEXAAVFOutputDevice@@H@Z
?SerializeItem@UBoolProperty@@UBEXAAVFArchive@@PAXH@Z
?NetSerializeItem@UBoolProperty@@UBEHAAVFArchive@@PAVUPackageMap@@PAX@Z
?ExportTextItem@UBoolProperty@@UBEXPAGPAE1H@Z
?ImportText@UBoolProperty@@UBEPBGPBGPAEH@Z
?ExportText@UProperty@@UBEHHPAGPAE1H@Z
?CopySingleValue@UBoolProperty@@UBEXPAX0PAVUObject@@@Z
?CopyCompleteValue@UProperty@@UBEXPAX0PAVUObject@@@Z
?DestroyValue@UProperty@@UBEXPAX@Z
?Port@UProperty@@UBEHXZ
?GetID@UProperty@@UBEEXZ
?Serialize@UProperty@@UAEXAAVFArchive@@@Z
?Link@UIntProperty@@UAEXAAVFArchive@@PAVUProperty@@@Z
?Identical@UIntProperty@@UBEHPBX0@Z
?ExportCppItem@UIntProperty@@UBEXAAVFOutputDevice@@H@Z
?SerializeItem@UIntProperty@@UBEXAAVFArchive@@PAXH@Z
?NetSerializeItem@UIntProperty@@UBEHAAVFArchive@@PAVUPackageMap@@PAX@Z
?ExportTextItem@UIntProperty@@UBEXPAGPAE1H@Z
?ImportText@UIntProperty@@UBEPBGPBGPAEH@Z
?CopySingleValue@UIntProperty@@UBEXPAX0PAVUObject@@@Z
?CopyCompleteValue@UIntProperty@@UBEXPAX0PAVUObject@@@Z
?Link@UFloatProperty@@UAEXAAVFArchive@@PAVUProperty@@@Z
?Identical@UFloatProperty@@UBEHPBX0@Z
?ExportCppItem@UFloatProperty@@UBEXAAVFOutputDevice@@H@Z
?SerializeItem@UFloatProperty@@UBEXAAVFArchive@@PAXH@Z
?NetSerializeItem@UFloatProperty@@UBEHAAVFArchive@@PAVUPackageMap@@PAX@Z
?ExportTextItem@UFloatProperty@@UBEXPAGPAE1H@Z
?ImportText@UFloatProperty@@UBEPBGPBGPAEH@Z
?CopySingleValue@UFloatProperty@@UBEXPAX0PAVUObject@@@Z
?CopyCompleteValue@UFloatProperty@@UBEXPAX0PAVUObject@@@Z
??1UIntProperty@@UAE@XZ
??1UBoolProperty@@UAE@XZ
??1UFloatProperty@@UAE@XZ
?Logf2@FOutputDevice@@QAAXW4EName@@PBGZZ
?GLog@@3PAVFOutputDevice@@A
?appFreeDllHandle@@YAXPAX@Z
??9FString@@QBEHPBG@Z
?Logf2@FOutputDevice@@QAAXPBGZZ
?appMemset@@YAXPAXHH@Z
?appStrfind@@YAPBGPBG0@Z
?appFromAnsi@@YAPBGPBDPAG@Z
?appGetDllExport@@YAPAXPAXPBG@Z
?AddZeroed@FArray@@QAEHHH@Z
?appSqrt@@YANN@Z
?Serialize@UObject@@UAEXAAVFArchive@@@Z
?StaticLoadObject@UObject@@SAPAV1@PAVUClass@@PAV1@PBG2KPAVUPackageMap@@@Z
?StaticFindObject@UObject@@SAPAV1@PAVUClass@@PAV1@PBGH@Z
?GIsEditor@@3HA
??DFString@@QBEPBGXZ
?GetTransientPackage@UObject@@SAPAVUPackage@@XZ
??HFString@@QAE?AV0@ABV0@@Z
??0FString@@QAE@PBG@Z
?GCountryCode@@3PAGA
?GLanguageType@@3HA
?GIsNative@@3HA
??4FString@@QAEAAV0@PBG@Z
?appStrcpy@@YAPAGPAGPBG@Z
?GL2ReplayMode@@3HA
?DestroyStream@FFileStream@@QAEXHH@Z
?GFileStream@@3PAVFFileStream@@A
?GAudioMaxRadiusMultiplier@@3MA
?RequestChunks@FFileStream@@QAEXHHPAX@Z
?Logf@FOutputDevice@@QAAXPBGZZ
?GetPathName@UObject@@QBEPBGPAV1@PAG@Z
?CreateStream@FFileStream@@QAEHPBGHHPAXW4EFileStreamType@@1@Z
?Empty@FString@@QAEXXZ
?Size@FVector@@QBEMXZ
?IsValid@UObject@@QAEHXZ
?GAudioDefaultRadius@@3MA
?appAtof@@YAMPBG@Z
?appStrcmp@@YAHPBG0@Z
?ParseCommand@@YAHPAPBGPBG@Z
??1USubsystem@@UAE@XZ
??1UObject@@UAE@XZ
??0FString@@QAE@XZ
??_7USubsystem@@6BFExec@@@
??_7USubsystem@@6BUObject@@@
??_7FExec@@6B@
??0UObject@@QAE@XZ
?appGetDllHandle@@YAPAXPBG@Z
?GConfig@@3PAVFConfigCache@@A
??0FVector@@QAE@XZ
?QueryStream@FFileStream@@QAEHHAAH@Z
?appRand@@YAHXZ
??KFVector@@QBE?AV0@M@Z
?Normalize@FVector@@QAEHXZ
??0UClass@@QAE@W4ENativeConstructor@@KKPAV0@1VFGuid@@PBG33KP6AXPAX@ZP8UObject@@AEXXZ@Z
?StaticConfigName@UObject@@SAPBGXZ
?PrivateStaticClass@UObject@@0VUClass@@A
??1UClass@@UAE@XZ

engine

??1UAudioSubsystem@@UAE@XZ
?CleanUp@UAudioSubsystem@@UAEXXZ
??0UAudioSubsystem@@QAE@ABV0@@Z
?Audio@USound@@2PAVUAudioSubsystem@@A
?PrivateStaticClass@USound@@0VUClass@@A
?PrivateStaticClass@ALineagePlayerController@@0VUClass@@A
?AddMusicName@FL2ReplayManager@@QAEXVFString@@H@Z
?GetState@FL2ReplayManager@@QAEHXZ
??0USound@@QAE@PBGH@Z
?PostLoad@USound@@UAEXXZ
?Destroy@USound@@UAEXXZ
?Serialize@USound@@UAEXAAVFArchive@@@Z
?GetDuration@USound@@UAEMXZ
?PS2Convert@USound@@UAEXXZ
??1USound@@UAE@XZ
?GStats@@3VFStats@@A
?RegisterStats@FStats@@QAEHW4EStatsType@@W4EStatsDataType@@VFString@@2W4EStatsUnit@@@Z
?ReadWaveInfo@FWaveModInfo@@QAEHAAV?$TArray@E@@@Z
??_7UAudioSubsystem@@6BFExec@@@
??_7UAudioSubsystem@@6BUObject@@@
?IsSoundNight@UL2NEnvManager@@QAEHXZ
?IsSoundDay@UL2NEnvManager@@QAEHXZ
?PointRegion@UModel@@QBE?AUFPointRegion@@PAVAZoneInfo@@VFVector@@@Z
?L2GetPhysicsVolume@ALevelInfo@@QAEPAVAPhysicsVolume@@VFVector@@PAVAActor@@H@Z
?PrivateStaticClass@UAudioSubsystem@@0VUClass@@A

vorbisfile

ov_info
ov_time_total
ov_pcm_total

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
VirtualAlloc
WriteFile
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetLocaleInfoW

Exports

Exports

??0UALAudioSubsystem@@QAE@ABV0@@Z
??0UALAudioSubsystem@@QAE@XZ
??1UALAudioSubsystem@@UAE@XZ
??2UALAudioSubsystem@@SAPAXIPAVUObject@@VFName@@K@Z
??2UALAudioSubsystem@@SAPAXIPAW4EInternal@@@Z
??4UALAudioSubsystem@@QAEAAV0@ABV0@@Z
??_7UALAudioSubsystem@@6BFExec@@@
??_7UALAudioSubsystem@@6BUObject@@@
?ChangeVoiceChatter@UALAudioSubsystem@@UAEXKKH@Z
?CheckSoundResource@UALAudioSubsystem@@UAEHPAVUSound@@@Z
?ControllMusicResource@UALAudioSubsystem@@UAEXM@Z
?Destroy@UALAudioSubsystem@@UAEXXZ
?EnterVoiceChat@UALAudioSubsystem@@UAEXXZ
?Exec@UALAudioSubsystem@@UAEHPBGAAVFOutputDevice@@@Z
?FindExt@UALAudioSubsystem@@QAEHPBG@Z
?FindProc@UALAudioSubsystem@@QAEXAAPAXPAD1AAHH@Z
?FindProcs@UALAudioSubsystem@@QAEXH@Z
?GEmptySoundSlot@UALAudioSubsystem@@2V?$TArray@H@@A
?GSoundObject@UALAudioSubsystem@@2V?$TArray@PAVUSound@@@@A
?GetMusicVolume@UALAudioSubsystem@@UAEMXZ
?GetNewStream@UALAudioSubsystem@@QAEHXZ
?GetOggVoiceVolume@UALAudioSubsystem@@UAEMXZ
?GetSoundVolume@UALAudioSubsystem@@UAEMXZ
?GetViewport@UALAudioSubsystem@@UAEPAVUViewport@@XZ
?GetWavVoiceVolume@UALAudioSubsystem@@UAEMXZ
?Init@UALAudioSubsystem@@UAEHXZ
?InternalConstructor@UALAudioSubsystem@@SAXPAX@Z
?IsMusicPlaying@UALAudioSubsystem@@UAEHXZ
?IsOggVoicePlaying@UALAudioSubsystem@@UAEHXZ
?IsPlaying@UALAudioSubsystem@@UAEHPAVAActor@@PAVUSound@@@Z
?IsVaild@UALAudioSubsystem@@UAEHXZ
?IsValidGetStream@UALAudioSubsystem@@UAEHXZ
?IsVoiceEnd@UALAudioSubsystem@@UAEHXZ
?IsWavVoicePlaying@UALAudioSubsystem@@UAEHXZ
?LeaveVoiceChat@UALAudioSubsystem@@UAEXXZ
?LowQualitySound@UALAudioSubsystem@@UAEHXZ
?NoteDestroy@UALAudioSubsystem@@UAEXPAVAActor@@@Z
?NoteDestroy@UALAudioSubsystem@@UAEXPAVULevelObject@@@Z
?PlayMusic@UALAudioSubsystem@@UAEHVFString@@MHHMH@Z
?PlayPrevMusic@UALAudioSubsystem@@UAEXMHHMH@Z
?PlaySoundW@UALAudioSubsystem@@UAEHPAVAActor@@HPAVUSound@@VFVector@@MMMHMM@Z
?PlaySoundW@UALAudioSubsystem@@UAEHPAVUSound@@PAVULevelObject@@HVFVector@@MMMHMM@Z
?PlayVoice@UALAudioSubsystem@@UAEHVFString@@MHH@Z
?PostEditChange@UALAudioSubsystem@@UAEXXZ
?PrivateStaticClass@UALAudioSubsystem@@0VUClass@@A
?RegisterSound@UALAudioSubsystem@@UAEXPAVUSound@@@Z
?Serialize@UALAudioSubsystem@@UAEXAAVFArchive@@@Z
?SetI3DL2Listener@UALAudioSubsystem@@QAEXPAVUI3DL2Listener@@@Z
?SetMusicVolume@UALAudioSubsystem@@UAEXHMM@Z
?SetMusicVolume@UALAudioSubsystem@@UAEXM@Z
?SetOggVoiceVolume@UALAudioSubsystem@@UAEXM@Z
?SetSoundVolume@UALAudioSubsystem@@UAEXM@Z
?SetViewport@UALAudioSubsystem@@UAEXPAVUViewport@@@Z
?SetVolumes@UALAudioSubsystem@@QAEXXZ
?SetWavVoiceVolume@UALAudioSubsystem@@UAEXM@Z
?ShutdownAfterError@UALAudioSubsystem@@UAEXXZ
?SoundPriority@UALAudioSubsystem@@QAEMPAVUViewport@@VFVector@@MMH@Z
?StaticClass@UALAudioSubsystem@@SAPAVUClass@@XZ
?StaticConstructor@UALAudioSubsystem@@QAEXXZ
?StopAllMusic@UALAudioSubsystem@@UAEHMH@Z
?StopAllVoice@UALAudioSubsystem@@UAEHMH@Z
?StopMusic@UALAudioSubsystem@@UAEHHMH@Z
?StopSound@UALAudioSubsystem@@QAEXH@Z
?StopSound@UALAudioSubsystem@@UAEHPAVAActor@@PAVUSound@@@Z
?StopSound@UALAudioSubsystem@@UAEHPAVUSound@@PAVULevelObject@@@Z
?UnregisterSound@UALAudioSubsystem@@UAEXPAVUSound@@@Z
?Update@UALAudioSubsystem@@UAEXPAVFSceneNode@@@Z
?UpdateAmbientSounds@UALAudioSubsystem@@QAEXAAV?$TArray@UALAmbient@@@@PAVAAmbientSound@@PAVULevel@@AAVFVector@@@Z
?UpdateAmbientSounds@UALAudioSubsystem@@QAEXAAV?$TArray@UALAmbient@@@@PAVUAmbientSoundObject@@PAVULevel@@AAVFVector@@@Z
?alError@UALAudioSubsystem@@QAEHPAGH@Z
GPackage
_DllMain@12
autoclassUALAudioSubsystem

Sections

.text
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
patch/system/Client.ini
patch/system/L2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GPackage
hs2ip
i2osp
i2ospsecond
mpadd
mpaddmul
mpaddsqrtrc
mpaddw
mpaddx
mpand
mpbaddmod_w
mpbcopy
mpbfree
mpbinit
mpbits
mpbmod_w
mpbmu_w
mpbmulmod_w
mpbnmulmod
mpbnpowmod
mpbnpowmodsld
mpbnrnd
mpbnsqrmod
mpbpowmod_w
mpbpowmodsld_w
mpbpprime_w
mpbrnd_w
mpbrndinv_w
mpbrndodd_w
mpbset
mpbsethex
mpbsqrmod_w
mpbsubmod_w
mpbsubone
mpbtwopowmod_w
mpbwipe
mpbzero
mpclrlsb
mpclrmsb
mpdivtwo
mpeq
mpeqmone
mpeqx
mpeven
mpextgcd_w
mpfill
mpfprint
mpfprintln
mpgcd_w
mpge
mpgex
mpgt
mpgtx
mpisone
mpistwo
mple
mpleone
mplex
mplsbset
mplshift
mplszcnt
mplt
mpltx
mpmod
mpmsbset
mpmszcnt
mpmul
mpmultwo
mpncopy
mpndivmod
mpne
mpneg
mpnex
mpnfree
mpngetintvalue
mpninit
mpninv
mpnorm
mpnot
mpnset
mpnsethex
mpnsetintvalue
mpnsetw
mpnsize
mpnwipe
mpnz
mpnzero
mpodd
mpor
mppmilrab_w
mppndiv
mpprint
mpprintln
mpprnd_w
mpprndconone_w
mpprndsafe_w
mpptrials
mprshift
mprshiftlsz
mpsdivtwo
mpsetlsb
mpsetmsb
mpsetmul
mpsetw
mpsize
mpsqr
mpsub
mpsubw
mpsubx
mpxor
mpz
mpzero
os2ip
rsakpCopy
rsakpFree
rsakpInit
rsakpMake
rsapri
rsapricrt
rsapub
rsavrfy

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
patch/system/Lineage2us.ini
patch/system/Localization.ini
patch/system/TTFontInfo.ini
patch/system/bfishy.dll
.dll windows:1 windows x86 arch:x86

a56f115ee5ef2625bd949acaeec66b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA

Exports

Exports

DllEntryPoint

Sections

Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zptyhylg
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ttdbgtvv
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
patch/system/bfishy.ini
patch/system/l2.ini
patch/system/user.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 693KB - Virtual size: 696KB

.rsrc Size: 587KB - Virtual size: 588KB

Headers

File Characteristics

Sections

.text Size: 813KB - Virtual size: 812KB

.itext Size: 4KB - Virtual size: 3KB

.data Size: 29KB - Virtual size: 28KB

.bss Size: - Virtual size: 30KB

.idata Size: 13KB - Virtual size: 12KB

.tls Size: - Virtual size: 60B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 918KB - Virtual size: 918KB

8e42d296e9fe242e90224190b6a790ce

Headers

File Characteristics

Imports

core

engine

vorbisfile

kernel32

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 236KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 14KB

.idata Size: 16KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 806B

.reloc Size: 16KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 20KB - Virtual size: 222KB

.idata Size: 24KB - Virtual size: 23KB

.rsrc Size: 84KB - Virtual size: 80KB

a56f115ee5ef2625bd949acaeec66b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

Size: 512B - Virtual size: 16KB

.rsrc Size: - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 1.8MB

zptyhylg Size: 1.4MB - Virtual size: 1.4MB

ttdbgtvv Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 693KB - Virtual size: 696KB

.rsrc
Size: 587KB - Virtual size: 588KB

.text
Size: 813KB - Virtual size: 812KB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 29KB - Virtual size: 28KB

.bss
Size: - Virtual size: 30KB

.idata
Size: 13KB - Virtual size: 12KB

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 918KB - Virtual size: 918KB

.text
Size: 240KB - Virtual size: 236KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 14KB

.idata
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 806B

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 20KB - Virtual size: 222KB

.idata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 84KB - Virtual size: 80KB

.rsrc
Size: - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

zptyhylg
Size: 1.4MB - Virtual size: 1.4MB

ttdbgtvv
Size: 512B - Virtual size: 4KB