a68da11bde71b57047c2763f04394887_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a68da11bde71b57047c2763f04394887_JaffaCakes118
Size

177KB
MD5

a68da11bde71b57047c2763f04394887
SHA1

3e828a11e44e35ac8bbffefa62efb942f8193bef
SHA256

a8129680e519ca184c04080e6f71f4c43aa1ff1874f63d7fc8beb65f6ef4eb1f
SHA512

d13b05f21cc5202194664ed53ca36513e9cfecf83cc96cfd1e82019e8d6ed70ec8b13b68375ddf5e838763fab5918fc4ec654cf4e857da4692ad3548001f6788
SSDEEP

3072:BDsVHKueztK0BijXBeyPHh3Zz5gpzeuCn6v067x3IRiEMTllLCMfam7LqUV8z/sx:BDsVquBgEBpbz5M/Fv06V30iRTllFym7

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cleo/FileSystemOperations.cleo
unpack001/cleo/IniFiles.cleo
unpack001/cleo/IntOperations.cleo

Files

a68da11bde71b57047c2763f04394887_JaffaCakes118
.rar
cleo/FermaBot.cs
.vbs
cleo/FileSystemOperations.cleo
.dll windows:5 windows x86 arch:x86

ef19857a6f175cb058bb17f9c52adca3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Deji\Documents\CLEO_SDK\demo_plugins\bin\FileSystemOperations.pdb

Imports

cleo.asi

ord8
ord3
ord12
ord6
ord5

kernel32

GetFileAttributesA
CreateDirectoryA
FindFirstFileA
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose
MoveFileA
FindNextFileA
DeleteFileA
CreateFileW
FlushFileBuffers
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
SetStdHandle
WriteConsoleW
GetStringTypeW
OutputDebugStringW
LoadLibraryW
HeapSize
LCMapStringW
CloseHandle

user32

MessageBoxA

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cleo/FixDIST by SR_team.cs
cleo/IniFiles.cleo
.dll windows:5 windows x86 arch:x86

71c443d8657199c944f15f35e6ec11bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Deji\Documents\CLEO_SDK\demo_plugins\bin\IniFiles.pdb

Imports

cleo.asi

ord10
ord5
ord4
ord8
ord3
ord12
ord15
ord6
ord1
ord11
ord13

kernel32

GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
CreateFileW
FlushFileBuffers
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
SetStdHandle
WriteConsoleW
LCMapStringW
OutputDebugStringW
LoadLibraryW
HeapSize
CloseHandle

user32

MessageBoxA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cleo/IntOperations.cleo
.dll windows:5 windows x86 arch:x86

f4d1474c09ed066b91562a77e0ddbae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Deji\Documents\CLEO_SDK\demo_plugins\bin\IntOperations.pdb

Imports

cleo.asi

ord8
ord3
ord11
ord19
ord5

user32

MessageBoxA

kernel32

CreateFileW
CloseHandle
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
LoadLibraryW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cleo/KILL.cs
cleo/MenuMusic.ini
cleo/Mix Sets (Junior_Djjr).cs
cleo/Mix Sets.ini
cleo/Run.cs
cleo/SW
cleo/SensitivityFix.cs
cleo/autodriver.cs
cleo/autodriver.txt
cleo/ccontrol.cs
cleo/fogdist.cs
cleo/fogdist.ini
cleo/hphud_by_Dapo_Show.cs
cleo/hume.ini
cleo/rec.cs
cleo/sw.cs
cleo/сокращ.команд.cs

Sharing

General

Malware Config

Signatures

Files

ef19857a6f175cb058bb17f9c52adca3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cleo.asi

kernel32

user32

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 9KB - Virtual size: 8KB

71c443d8657199c944f15f35e6ec11bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cleo.asi

kernel32

user32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 10KB - Virtual size: 9KB

f4d1474c09ed066b91562a77e0ddbae7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cleo.asi

user32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 3KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 8KB