wextract.pdb
Overview
overview
10Static
static
3Chams Sudd...rs.exe
windows7-x64
10Chams Sudd...rs.exe
windows10-2004-x64
10Chams Sudd...no.dll
windows7-x64
3Chams Sudd...no.dll
windows10-2004-x64
3Perx Wall ...ed.exe
windows7-x64
3Perx Wall ...ed.exe
windows10-2004-x64
3Perx Wall ...no.dll
windows7-x64
3Perx Wall ...no.dll
windows10-2004-x64
3Siyanur la...ck.exe
windows7-x64
7Siyanur la...ck.exe
windows10-2004-x64
7Static task
static1
Behavioral task
behavioral1
Sample
Chams Sudden + Mado,s Injectors/Mado,s Injectors.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Chams Sudden + Mado,s Injectors/Mado,s Injectors.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Chams Sudden + Mado_s Injectors/UPDATE Chams Sudden Latino.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Chams Sudden + Mado_s Injectors/UPDATE Chams Sudden Latino.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Perx Wall hack S.ALatino/Perx Updated.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Perx Wall hack S.ALatino/Perx Updated.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Perx Wall hack S.ALatino/UPDATE Chams Sudden Latino.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
Perx Wall hack S.ALatino/UPDATE Chams Sudden Latino.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Siyanur lag hack- S.A latino/siyanur - Lag Hack.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Siyanur lag hack- S.A latino/siyanur - Lag Hack.exe
Resource
win10v2004-20241007-en
General
-
Target
8ba8f8047917a06adc3f6d807eaf7626_JaffaCakes118
-
Size
1.1MB
-
MD5
8ba8f8047917a06adc3f6d807eaf7626
-
SHA1
937df687973edec3f51550cc5cab9367ab7d1d68
-
SHA256
a17a56a6133deb30a7b5347798b8cac8438e90695cae989a41971fe1583682ba
-
SHA512
b2434f2bd3acbc9b971ed43037706ccbdec3fd7122ad59ec4df7cb8f2e31d25cc10705eaceaedba8a0fe2efd6704518c844f5aa1e383fdf0e1d9f41c7213899a
-
SSDEEP
24576:PhtO1/DsEOLcnKpIfn/jjm0YfoGyFdg6phEACvTHdg6pj:Jtq/DsEiWf/jafotPpCvJPp
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource unpack001/Chams Sudden + Mado,s Injectors/Mado,s Injectors.exe unpack001/Chams Sudden + Mado,s Injectors/UPDATE Chams Sudden Latino.dll unpack001/Perx Wall hack S.ALatino/Perx Updated.exe unpack001/Perx Wall hack S.ALatino/UPDATE Chams Sudden Latino.dll unpack001/Siyanur lag hack- S.A latino/siyanur - Lag Hack.exe
Files
-
8ba8f8047917a06adc3f6d807eaf7626_JaffaCakes118.rar
-
Chams Sudden + Mado,s Injectors/Dibujo.PNG.png
-
Chams Sudden + Mado,s Injectors/Mado,s Injectors.exe.exe windows:5 windows x86 arch:x86
0ebb3c09b06b1666d307952e824c8697
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
kernel32
LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource
gdi32
GetDeviceCaps
user32
ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics
comctl32
ord17
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 158KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Chams Sudden + Mado,s Injectors/UPDATE Chams Sudden Latino.dll.dll windows:5 windows x86 arch:x86
e13629fc29b9c5c6280e1b1d49f5356f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\abdul1\Documents\D-A Team BugFire\D3DDrv\Release\UKnownCheat's CF pub By sam22 aka afg.pdb
Imports
kernel32
LoadLibraryW
GetVersionExW
GetProcAddress
DisableThreadLibraryCalls
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
SetLastError
VirtualProtect
FlushInstructionCache
GetCurrentProcess
VirtualQuery
GetCurrentThreadId
DecodePointer
GetCommandLineA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapAlloc
LCMapStringW
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
IsProcessorFeaturePresent
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetModuleFileNameW
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
FlushFileBuffers
user32
MessageBoxW
GetAsyncKeyState
EnumDisplayDevicesW
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Perx Wall hack S.ALatino/Perx Updated.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\home\documents\visual studio 2010\Projects\Injector\Injector\obj\x86\Debug\xi1njacta.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 150B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Perx Wall hack S.ALatino/UPDATE Chams Sudden Latino.dll.dll windows:5 windows x86 arch:x86
e13629fc29b9c5c6280e1b1d49f5356f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\abdul1\Documents\D-A Team BugFire\D3DDrv\Release\UKnownCheat's CF pub By sam22 aka afg.pdb
Imports
kernel32
LoadLibraryW
GetVersionExW
GetProcAddress
DisableThreadLibraryCalls
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
SetLastError
VirtualProtect
FlushInstructionCache
GetCurrentProcess
VirtualQuery
GetCurrentThreadId
DecodePointer
GetCommandLineA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapAlloc
LCMapStringW
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
IsProcessorFeaturePresent
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetModuleFileNameW
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
FlushFileBuffers
user32
MessageBoxW
GetAsyncKeyState
EnumDisplayDevicesW
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Siyanur lag hack- S.A latino/siyanur - Lag Hack.exe.exe windows:1 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ