vidar | 6640daceda1062bca9dd181fec29d353_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6640daceda1062bca9dd181fec29d353_JaffaCakes118
Size

3.5MB
MD5

6640daceda1062bca9dd181fec29d353
SHA1

6cea300f980c21ca1777181b8a0a5acce73a895b
SHA256

7b8f25a4e1b1d7b5925f2754c6df64e65fb0afb754dd4be7c35e052e7b88f64d
SHA512

70fe1450cffb484f72fbb8a0fc8e998a645439a2b3ca4b429c20f9cbff6789686a34a578b5b821efc3d8d8135cfa789a00c2d96806c0a85b96535038ecb4caf2
SSDEEP

49152:D62JVKh1VrdmC/1xpLzgYSHx4yzj8zow4ylvrFgn/y5q2DiAtGJqT5+GPY:DmFdzgYSHx4yzj8zowFdyotWA2

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6640daceda1062bca9dd181fec29d353_JaffaCakes118

Files

6640daceda1062bca9dd181fec29d353_JaffaCakes118
.dll windows:4 windows x86 arch:x86

018503ab46c8f1647559830ae95f06fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_CxxThrowException
sscanf
isdigit
strtol
??1type_info@@UAE@XZ
strncat
_onexit
_initterm
_adjust_fdiv
realloc
memmove
toupper
tolower
strtok
memcmp
strcpy
strrchr
_strnicmp
strstr
rand
printf
atol
atoi
_strlwr
strchr
strcat
_stricmp
strcmp
memset
malloc
fopen
free
fclose
fgets
strncpy
clock
srand
abs
time
localtime
sprintf
fprintf
vsprintf
strlen
_EH_prolog
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
__dllonexit

wsock32

recv
WSACleanup
WSAStartup
select
closesocket
htons
getservbyname
send
gethostname
ioctlsocket
gethostbyname
socket
connect
WSAGetLastError
inet_ntoa
getsockopt
ntohl
htonl
setsockopt

kernel32

GetLastError
OpenFile
_lclose
GetStdHandle
WriteFile
ReadFile
GetFileSize
GetFileType
CreateFileA
CloseHandle
GetVersionExA
lstrcpyA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleHandleA
lstrcmpA
GetEnvironmentVariableA
lstrcmpiA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
Sleep
lstrlenA
lstrcatA

user32

wsprintfA
CharNextA

advapi32

RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

Exports

Exports

Blat
Send
SetPrintFunc
cSend

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

018503ab46c8f1647559830ae95f06fe

Headers

File Characteristics

Imports

msvcrt

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 7KB - Virtual size: 40KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 7KB - Virtual size: 40KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB