25e28062ea20f068a05e2e21d3653bf4_JaffaCakes118

General

Target

25e28062ea20f068a05e2e21d3653bf4_JaffaCakes118
Size

40KB
MD5

25e28062ea20f068a05e2e21d3653bf4
SHA1

65d4705688c3b3e7d4a27276674f3a04a9db2055
SHA256

c67d8f06b0508f2538b0284ba8a110bdff89375e42874e8c229b7c89c3ae9634
SHA512

b9665857a8fc2b54f0519b44060d715563f81e56843dd616e52e5f6f1da05c3f160b246b647d4d17dc90250e7c99b5d0b2e3eb0c056b2dc6851bfa8cda90fad7
SSDEEP

768:ZduyOMf2zZiV1/oltM2QBKQnd5TaRN9J:ZsyPfhb/g+fB+t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25e28062ea20f068a05e2e21d3653bf4_JaffaCakes118

Files

25e28062ea20f068a05e2e21d3653bf4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

88c16c7f5073f97b1a921a6f6a2e960a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
DeleteFileA
CloseHandle
ReadFile
CreateFileA
MoveFileA
GetFileAttributesA
CopyFileA
CreateDirectoryA
InitializeCriticalSection
WaitForSingleObject
lstrcpynA
LeaveCriticalSection
EnterCriticalSection
WriteFile
ResumeThread
GetLastError
CreateThread
SetFilePointer
GetFileSize
SetFileAttributesA
lstrcmpiA
lstrlenA
lstrcatA
FindFirstFileA
lstrcpyA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
HeapFree
GetProcessHeap
HeapAlloc
DeleteCriticalSection
Sleep

user32

wsprintfA
wvsprintfA
GetDesktopWindow
CharUpperA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyA
RegEnumKeyA

shell32

SHFileOperationA

Exports

Exports

InstallPlugin
PluginVersion
TerminatePlugin

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88c16c7f5073f97b1a921a6f6a2e960a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB