38e9e1258bafb9e379a6107e7161e2e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38e9e1258bafb9e379a6107e7161e2e1_JaffaCakes118
Size

446KB
MD5

38e9e1258bafb9e379a6107e7161e2e1
SHA1

50b6ae8559bb168b133429e93056027320447ad1
SHA256

daf41ae756faa9a1a7926374eb16ee87e1219670551d84a454837ce3d7d81306
SHA512

cfd4ccdcafa4dc0a206998f31b30e6ba07fdf85495347f6f073bec2b9234dc8e957cfd3750d3b2bca0961cfa2ea7bc8bc87a53770accd1d74bb61fcb665b3070
SSDEEP

6144:gN3e0iF6mWc7oTqt8jcJY/8Dsh3UJzZZHAvFv7MWWevURFsuuWTy2Vew:OC6mWc7cCESsZaZZ4sQWne

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38e9e1258bafb9e379a6107e7161e2e1_JaffaCakes118

Files

38e9e1258bafb9e379a6107e7161e2e1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f9fcc81626febf9189c63399d737523a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

EqualRect
FillRect
IsCharLowerA
LoadAcceleratorsA
LoadBitmapA
LoadCursorFromFileA
LoadImageA
MessageBeep
OemToCharBuffA
PostMessageA
SendMessageA
UpdateWindow
EmptyClipboard
EndDialog

version

GetFileVersionInfoW
VerFindFileW
VerInstallFileW
VerQueryValueW
GetFileVersionInfoA

kernel32

WinExec
VerLanguageNameW
VerLanguageNameA
UnlockFileEx
TerminateProcess
SetLastError
SetFilePointer
SetCurrentDirectoryA
SetCommState
SetCommMask
SetCommBreak
SearchPathA
ReplaceFileA
QueryPerformanceFrequency
DeleteFileA
DuplicateHandle
EnumDateFormatsW
EnumResourceLanguagesW
ExitProcess
FindFirstFileExA
FindFirstVolumeW
FindResourceW
FlushFileBuffers
GetCommandLineA
GetCurrentThreadId
GetDefaultCommConfigW
GetFileSize
GetLastError
GetLocalTime
GetProcAddress
GetTapePosition
GetThreadLocale
GetTickCount
GetVersionExW
HeapAlloc
IsBadReadPtr
IsBadStringPtrA
IsDBCSLeadByte
ProcessIdToSessionId

ntdll

RtlUpcaseUnicodeStringToOemString
RtlxOemStringToUnicodeSize
ZwAccessCheck
ZwCompleteConnectPort
ZwCreateIoCompletion
RtlTimeToElapsedTimeFields
RtlStringFromGUID
RtlSetInformationAcl
RtlSetCurrentDirectory_U
RtlResetRtlTranslations
RtlNtStatusToDosError
RtlMultiByteToUnicodeN
RtlLargeIntegerShiftLeft
RtlIsNameLegalDOS8Dot3
RtlInsertElementGenericTable
RtlInitAnsiString
RtlImpersonateSelf
RtlEqualDomainName
RtlDelete
RtlCreateUserProcess
NtGetWriteWatch
NtMapUserPhysicalPagesScatter
NtPowerInformation
NtPrivilegeObjectAuditAlarm
NtQueryPerformanceCounter
NtSetHighEventPair
RtlTraceDatabaseFind

userenv

CreateEnvironmentBlock
RegisterGPNotification
GetAppliedGPOListW
FreeGPOListW
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection

Exports

Exports

AslbmbmhQDrYnkTcMg
CvdVdvizmbilz
CvvZwqiqpqilwsJmNup
RczevmuTzo
UpkIPpjqlr
YhujHaryub
cPQ
dfT
doJiqduTouYnitgkf
ghfronm
nagwjaamtudgojb
njqoucNmb
oQoDihDyfiNvkztNc
shxlvFeotguk
usaH
wDufiriYjjthmMXoxz
xbprAhjkqjgvHKjhmk
zsygxgkhhspmulOzga

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9fcc81626febf9189c63399d737523a

Headers

DLL Characteristics

File Characteristics

Imports

user32

version

kernel32

ntdll

userenv

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.data Size: 362KB - Virtual size: 671KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 56KB - Virtual size: 55KB

.data
Size: 362KB - Virtual size: 671KB

.rsrc
Size: 26KB - Virtual size: 26KB