25f34de3459beeb03f881f06f2fd0d62_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25f34de3459beeb03f881f06f2fd0d62_JaffaCakes118
Size

62KB
MD5

25f34de3459beeb03f881f06f2fd0d62
SHA1

0b750327e1808d38168fa7522bd792aae12c3cae
SHA256

01733a548926474281df1fc056de1750437a5ceb648597453d1c916c79844ca3
SHA512

0d20de2efede293a54ba47a700af9c664f732bdaf29ef4454a666563f427ab946ab5bbfea2c25794b0c3eb8103b21989b8276d1872396c3de338ffdbd028c2ff
SSDEEP

1536:j3NqfM5E5W0d36KSNHCjXDpMIi1qNPfKxQLE:pyM+5W0F6KSNeXDpMJ1mfMQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25f34de3459beeb03f881f06f2fd0d62_JaffaCakes118

Files

25f34de3459beeb03f881f06f2fd0d62_JaffaCakes118
.dll windows:5 windows x86 arch:x86

79da3a9671905d53556d8dc8e7da61b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WaitForSingleObject
GetCurrentDirectoryA
GetPrivateProfileStructA
FindFirstFileA
GetFileAttributesA
lstrlenA
SetFileAttributesA
UnmapViewOfFile
CreateFileA
MapViewOfFile
GetCurrentProcess
SetFilePointer
lstrcpyA
FindClose
VirtualAlloc
lstrcpynA
GetProcAddress
WriteFile
VirtualFree
GetComputerNameA
WaitForMultipleObjects
GetModuleHandleA
GetCommandLineA
ResumeThread
ReadFile
lstrlenW
VirtualProtectEx
FindNextFileA
SetCurrentDirectoryA
VirtualLock
TerminateProcess
DeleteFileA
WideCharToMultiByte
WritePrivateProfileStructA
GetVersion
CreatePipe
CreateFileMappingA
LoadLibraryA
IsBadReadPtr
VirtualUnlock
SetEndOfFile
VirtualQuery

msvcrt

asctime
mktime
toupper

user32

GetWindowDC
IsDlgButtonChecked
SetDlgItemTextA
GetClipboardData
KillTimer
SendDlgItemMessageA
SetForegroundWindow
EndDialog
GetDlgItemTextA
FindWindowA
SetTimer
MessageBeep
CharLowerA
CharUpperA
DestroyMenu
InvalidateRect
SetMenuItemInfoA
EnableMenuItem
SetWindowTextA
CheckMenuRadioItem
wvsprintfA
SetClipboardData
CheckRadioButton
SetFocus
AppendMenuA
ScreenToClient
GetDlgItem
SendMessageA
ShowWindow
EnumClipboardFormats

clusmqad

_Sinh
_FSnan
_LSinh
_LSnan
_LPoly
_Mbrtowc
_Snan
_Rteps
_LDscale
_Strxfrm
_LCosh
_Eps
_Toupper
_Getctype
_FRteps
_FExp
_Xbig
_Tolower
_LEps
_FInf
_LXbig
_Nan
_FDscale
_FDtest
_LInf
_FDenorm
_Getcvt
_Stod
_LRteps
_Denorm

comdlg32

GetSaveFileNameA

imagehlp

BindImageEx

advapi32

LookupPrivilegeValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
OpenProcessToken

gdi32

DeleteObject
SetBkMode
CreateFontIndirectA

Exports

Exports

CreateProcessNotify
DllClientCleanup
atmaHost
DllClientStartup

Sections

.text
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79da3a9671905d53556d8dc8e7da61b0

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

clusmqad

comdlg32

imagehlp

advapi32

gdi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 56KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 56KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB