25da09bd827e2afd4251db716528780f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25da09bd827e2afd4251db716528780f_JaffaCakes118
Size

147KB
MD5

25da09bd827e2afd4251db716528780f
SHA1

5feef802d2c81cc4aa2981427ddb845a469869da
SHA256

f5f14d121d9fa0f0cc478bbd1903a5ece853607bb9678ea636322e17a7eccb5c
SHA512

1e27b81cdad0424b074ddd596617aea89e9e00d3b23d7061194d19ea5200e441b9f8514cb165c239578d80a7fe587ff110e08174fd3c0d7da38ab840f35b1a19
SSDEEP

3072:0bOAamAgterMZe8Zr8ABDEoqxNC3kOOULDLobd/980BEg:0iArperme8p8ABYIOODL+9Qg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25da09bd827e2afd4251db716528780f_JaffaCakes118

Files

25da09bd827e2afd4251db716528780f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4b0f1882f1594b426e1addaaa491fab4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
OpenProcess
Process32First
Process32Next
RaiseException
ReadProcessMemory
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
WriteProcessMemory
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SysFreeString

Exports

Exports

DisabledKey
EnabledKey
___CPPdebugHook

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b0f1882f1594b426e1addaaa491fab4

Headers

File Characteristics

Imports

advapi32

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.data Size: 11KB - Virtual size: 28KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 8KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 64KB - Virtual size: 64KB

.data
Size: 11KB - Virtual size: 28KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 8KB

.rmnet
Size: 56KB - Virtual size: 60KB