JaffaCakes118_487ce12278ea8e217e990f136e121090

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_487ce12278ea8e217e990f136e121090
Size

1.2MB
MD5

487ce12278ea8e217e990f136e121090
SHA1

4e64dab9d4d8304e3ba38eba9ecd4473e65249da
SHA256

2f6538a8e4209104247eb400e1913982822e2dbf546934a21fa531ef5c6c08ac
SHA512

0270c09c4a1ed38f2c8905df336f535aa0b8751972aa642cd3de650cb947a100437777d1c948f786742da584b9cc120c8727fba86e8b9bcf657e7519db6105a5
SSDEEP

24576:jio3EfzEEK7K65oCVi2MeVBkSSTiiq5ttdyrThXv8Dso78:1Y4En3TqtdyrThXEDR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_487ce12278ea8e217e990f136e121090

Files

JaffaCakes118_487ce12278ea8e217e990f136e121090
.exe windows:4 windows x86 arch:x86

d7ebd5a771b6256fc78fe9187de09d61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\work\kuai8App\GMApps\GMStartGame\bin\win32\release\startgame.pdb

Imports

wininet

InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetOpenW
InternetCloseHandle
HttpQueryInfoW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

kernel32

GetTempPathW
FreeEnvironmentStringsW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesW
GetCurrentThreadId
ResumeThread
CreateEventW
ResetEvent
SetEvent
MultiByteToWideChar
WideCharToMultiByte
FindNextFileW
FindFirstFileW
FindClose
GetProcAddress
LoadLibraryW
FreeLibrary
GetVersionExW
GetSystemInfo
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLongPathNameW
MoveFileW
GetFullPathNameW
MoveFileExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GlobalUnlock
GlobalAlloc
GlobalFree
GlobalLock
VirtualQueryEx
ReadProcessMemory
Sleep
TerminateProcess
SetLastError
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
GetEnvironmentVariableW
GetCurrentProcess
MulDiv
InterlockedDecrement
InterlockedIncrement
FreeResource
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
HeapReAlloc
RtlUnwind
CreateThread
ExitThread
GetStartupInfoW
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetLocalTime
GetEnvironmentStringsW
GetTempFileNameW
SetEnvironmentVariableW
GetTimeZoneInformation
lstrcmpW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
GetLastError
OpenMutexW
OpenProcess
ReleaseMutex
CreateMutexW
GetExitCodeProcess
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenA
WritePrivateProfileStringW
CreateFileW
SetFilePointer
ReadFile
DeleteFileW
SetEndOfFile
WriteFile
lstrlenW
GetFileSize
CreateProcessW
WaitForSingleObject
CloseHandle
GetTickCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

SetWindowRgn
GetKeyState
InvalidateRect
GetMonitorInfoW
ScreenToClient
ReleaseCapture
GetFocus
BeginPaint
MonitorFromWindow
IsWindow
CreateWindowExW
RegisterClassExW
RegisterClassW
SendMessageW
GetMessageW
EnableWindow
SetFocus
LoadImageW
DestroyIcon
GetClassInfoExW
CharNextA
MoveWindow
ReleaseDC
RedrawWindow
GetDC
CharNextW
PtInRect
DrawFocusRect
UpdateLayeredWindow
IsRectEmpty
IntersectRect
DestroyWindow
IsChild
GetUpdateRect
EndPaint
InvalidateRgn
LoadBitmapW
LoadStringW
GetActiveWindow
AttachThreadInput
IsIconic
MapWindowPoints
GetWindowTextW
IsZoomed
GetWindowTextLengthW
OffsetRect
DrawTextW
CharPrevW
FillRect
CopyImage
DrawIconEx
DestroyAcceleratorTable
GetAsyncKeyState
SetCaretPos
TranslateAcceleratorW
SetCapture
LoadCursorW
SetForegroundWindow
GetWindowRect
GetParent
PostQuitMessage
CallNextHookEx
SetWindowTextW
GetWindowThreadProcessId
SetWindowsHookExW
EnumThreadWindows
FindWindowW
MessageBoxW
GetForegroundWindow
GetSystemMetrics
ShowWindow
IsWindowVisible
GetDesktopWindow
GetClientRect
SystemParametersInfoW
wsprintfA
wsprintfW
SetWindowPos
PostMessageW
KillTimer
TranslateMessage
PeekMessageW
DispatchMessageW
SetTimer
CallWindowProcW
DefWindowProcW
SetPropW
GetClassNameW
SetWindowLongW
GetPropW
GetWindow
GetWindowLongW
ShowCaret
ClientToScreen
HideCaret
GetSysColor
CreateCaret
CreateAcceleratorTableW
GetCursorPos
SetCursor

gdi32

CreateSolidBrush
GetBitmapBits
GetClipBox
SetStretchBltMode
GetStockObject
CreateEllipticRgn
SelectClipRgn
GetCharABCWidthsW
CreateCompatibleDC
SetBkMode
StretchBlt
GetTextExtentPoint32W
TextOutW
ExtSelectClipRgn
RoundRect
SetBitmapBits
ExtTextOutW
CreateCompatibleBitmap
BitBlt
CreateRectRgnIndirect
SetBkColor
CreateRoundRectRgn
CombineRgn
CreateRectRgn
EnumFontsW
Rectangle
CreatePen
DeleteDC
CreateDIBSection
CreateFontIndirectW
GetTextMetricsW
GetDeviceCaps
DeleteObject
GetObjectW
SetTextColor
SelectObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
OleLoadPicture

shlwapi

StrStrIW
StrStrIA

Sections

.text
Size: 824KB - Virtual size: 821KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d7ebd5a771b6256fc78fe9187de09d61

Headers

File Characteristics

PDB Paths

Imports

wininet

version

msimg32

comctl32

riched20

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 824KB - Virtual size: 821KB

.rdata Size: 156KB - Virtual size: 153KB

.data Size: 16KB - Virtual size: 24KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 124KB - Virtual size: 122KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 824KB - Virtual size: 821KB

.rdata
Size: 156KB - Virtual size: 153KB

.data
Size: 16KB - Virtual size: 24KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 124KB - Virtual size: 122KB

.rmnet
Size: 60KB - Virtual size: 60KB