38112dc12c95512fac707502d586930f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38112dc12c95512fac707502d586930f_JaffaCakes118
Size

78KB
MD5

38112dc12c95512fac707502d586930f
SHA1

cc4731edde2cc2adde03f60c3cafb00e81e3614c
SHA256

4d1a25159242f3177188c1ee762cbc3e229f55c14f9297a74259b31c537829f7
SHA512

05d1573797ba45eaff44a3d7a66b4dabcc0d4dcbda0de6f346f9dd9b1f6dd4fc89d0900a3089428618cc1e3ecdb712343ff16617d2733f97646a17d8fd6a0cbe
SSDEEP

1536:rBaYfH/Czzojh54LGy/uNs1hLWSukKyIZvq+QPAIlo+t0QQgm:r8YvYGy/uyXW3HrIlo20QQP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38112dc12c95512fac707502d586930f_JaffaCakes118

Files

38112dc12c95512fac707502d586930f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

417e5de195519c2d6044719630696656

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
ReadFile
GetFileSize
CreateFileA
DeleteFileA
GetLocalTime
Sleep
WaitForSingleObject
MapViewOfFile
CreateThread
WideCharToMultiByte
CreateProcessA
FindClose
FindFirstFileA
lstrcpyA
GetTickCount
lstrlenA
GetTempPathA
WriteFile
VirtualProtect
OpenFileMappingA
GetModuleFileNameA
VirtualAlloc
LoadLibraryA
CreateMutexA
GetProcAddress
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
RaiseException
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
SetFilePointer
RtlUnwind
GetCommandLineA
GetVersion
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetLastError

advapi32

RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

ole32

CoCreateGuid
CoInitialize
StringFromGUID2

wininet

HttpOpenRequestA

rpcrt4

UuidToStringA
RpcStringFreeA

urlmon

URLDownloadToCacheFileA
UrlMkGetSessionOption
UrlMkSetSessionOption

Exports

Exports

DllRegisterServer

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

417e5de195519c2d6044719630696656

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

wininet

rpcrt4

urlmon

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 13KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 13KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB