30fae3585056444ccac3c34019a8ff49_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

30fae3585056444ccac3c34019a8ff49_JaffaCakes118
Size

86KB
MD5

30fae3585056444ccac3c34019a8ff49
SHA1

7d9af0576c29ec1bb3575944901366d4d758b01b
SHA256

81fd1b077f0c74a6f7dd8c0f6402f55a714a30738885c93181365997c93ce1dd
SHA512

ec482494e6db178c89b303707d4182745976eb606cbadcd7fb8f6b9e6e94f22ef9720324dbbcb294ab0d5b844b360bd807a1e64953b257df2b1bc64842744acc
SSDEEP

1536:I4DUh9CCaOKvwhHC8VdzHk4xK/J6XTunXoKGJAH5R4:I4D+wCvBY3v4hGH5R4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30fae3585056444ccac3c34019a8ff49_JaffaCakes118

Files

30fae3585056444ccac3c34019a8ff49_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f2a37238203d1caa20572e51d5907a6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA
wnsprintfA

wininet

HttpQueryInfoA
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA
InternetCrackUrlA

kernel32

GetCurrentProcess
HeapFree
WaitForSingleObject
GetProcessHeap
WriteFile
TerminateThread
Sleep
CreateProcessA
GetLastError
GetProcAddress
LoadLibraryA
HeapAlloc
CloseHandle
GetTempPathA
LocalFree
CreateThread
GetVolumeInformationA
SetLastError
GetSystemTimeAsFileTime
FreeLibrary
lstrlenA
CreateFileA
HeapReAlloc
GetLocaleInfoA
FlushFileBuffers
CreateMutexA
IsDebuggerPresent
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
HeapSize
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
GetLengthSid
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
OpenProcessToken
RegOpenKeyA

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2a37238203d1caa20572e51d5907a6f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

kernel32

advapi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB