765e4e24092e70e4ee6f1ef6152ac9cb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

765e4e24092e70e4ee6f1ef6152ac9cb_JaffaCakes118
Size

60KB
MD5

765e4e24092e70e4ee6f1ef6152ac9cb
SHA1

09b3299b5560cab1fd1a8d703234ac4d9898e121
SHA256

419e5031751297bebb41bd4c3f16deb73405a3e74add0cfcb55f0145f838863e
SHA512

40a4078c8bdddb6b789210b4c96496035e35e3f33d6d683583a95f270a2b8b2c7174e412f5f5d6fac03cad339bc19d03fbd30023853c842a3ed0e59d1d30bce1
SSDEEP

1536:iUtu2nTL+4XtcFhDpeFiZ6uxWjJ6ka6zoLL1qFZVFH:iUtu2TL+KtcFh6IWjk6zoLL1SZVx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
765e4e24092e70e4ee6f1ef6152ac9cb_JaffaCakes118

Files

765e4e24092e70e4ee6f1ef6152ac9cb_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f3ac3066b9731a5fe8b7560b232a1a7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

admparse.pdb

Imports

msvcrt

?terminate@@YAXXZ
_CxxThrowException
_vsnwprintf
??1type_info@@UAE@XZ
_adjust_fdiv
_except_handler3
??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
_initterm

kernel32

LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
AddAtomA
WriteFile
SetFilePointer
lstrlenA
lstrcpyW
lstrcmpiW
CompareStringW
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetLastError
UnhandledExceptionFilter
GlobalFree
GetFileSize
GetLastError
LocalAlloc
CloseHandle
HeapAlloc
HeapReAlloc
lstrlenW
LocalFree
GetProcessHeap
HeapFree
ReadFile
InitializeCriticalSection
FindAtomA
DeleteAtom
SetUnhandledExceptionFilter
DeleteCriticalSection
WritePrivateProfileSectionW
WritePrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess

user32

UnregisterClassA
ShowWindow
SetScrollRange
GetClientRect
SetScrollPos
CreateWindowExA
RegisterClassA
DestroyWindow
GetWindowRect
GetParent
MoveWindow
ReleaseDC
GetDC
EndDialog
EnableWindow
GetDlgItem
SetWindowPos
GetScrollInfo

gdi32

DeleteObject
GetDeviceCaps
GetStockObject
SelectObject

shlwapi

ord340
ord74
ord37
ord59
ord55
ord61
ord91
ord138
ord143
ord93
ord53
ord136
ord95
StrCatW
ord102
ord94
ord56
ord141
ord107
StrRChrW
wnsprintfW
ord298
ord52
StrToIntW
StrDupW
StrCmpNW
StrCpyW
StrCmpW
StrCmpIW
StrSpnW
StrCSpnW
StrCpyNW
ord75
ord217
ord215
ord68
ord295
PathFindFileNameW
ord312
ord437

oleaut32

SysFreeString
VariantInit
SysStringLen
VariantClear
SysAllocString

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc

comctl32

ord16

Exports

Exports

AdmClose
AdmFinishedA
AdmFinishedW
AdmInitA
AdmInitW
AdmResetA
AdmResetW
AdmSaveData
CheckDuplicateKeysA
CheckDuplicateKeysW
CreateAdmUiA
CreateAdmUiW
DllMain
GetAdmCategoriesA
GetAdmCategoriesW
GetFontInfoA
GetFontInfoW
IsAdmDirty
ResetAdmDirtyFlag

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ac3066b9731a5fe8b7560b232a1a7e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

shlwapi

oleaut32

ole32

comctl32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 51KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 51KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB