38b0dac9993f849963e0b7f2470236c2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

38b0dac9993f849963e0b7f2470236c2_JaffaCakes118
Size

36KB
MD5

38b0dac9993f849963e0b7f2470236c2
SHA1

a9b79f2f8ff5c1dfdeab9db24f3b4f08d9bf6f88
SHA256

7c2fb5bd76227e63d55b0a37313ea2c3946774ed7ee0fe12b1f0294eeec70d2b
SHA512

67c7ac2e1f0be9ce2ce483adf9b80e9da2bdfc02461e81aee7679d493148236401a8c607ceeea9f194d04c1d7e2d1c33025562f98bdff916a1c34b4b79c0e145
SSDEEP

768:VH2uYd42iMdwfFJHgrSXKRGTbDfpF81O9PIIfarRBHWWMYiH4P:HHMdwfvHgeXCGPTpF81wRkHWWMYiH4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RLCmd.dll

Files

38b0dac9993f849963e0b7f2470236c2_JaffaCakes118
.zip
RLCmd.dll
.dll windows:4 windows x86 arch:x86

e3154d6d9e663a8061e88d6772b59641

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
lstrlenA
lstrcpyA
lstrcmpiW
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
InitializeCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetStdHandle
FlushFileBuffers
CreateFileW
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetFilePointer
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

EndDialog
wsprintfA
SetDlgItemTextW
GetDlgItem
SendMessageW
IsWindow
DialogBoxParamW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

OnPluginClose
OnPluginInit
OnPluginOption
OnPluginVersion
PostTranslate
PreTranslate

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3154d6d9e663a8061e88d6772b59641

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB