3be50931f86213b494775d062b3c3360_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3be50931f86213b494775d062b3c3360_JaffaCakes118
Size

39KB
MD5

3be50931f86213b494775d062b3c3360
SHA1

6a084a9f4ec3a984ded890d2ef0005bf8925db3d
SHA256

b226900e6bb7703a1ca8f143efd8331916c93ac2ef8359a73d6d751451d92cf9
SHA512

206a52a54fd1a71c8287b0744f1a312c40b9d1cc4a386593d23b960fbf8fec7b72df80db1dcc4460e99dc65ee59dcb6dab0ddfd129d8f32212f84b447590b3b4
SSDEEP

768:WMJzKom9AKQZ+5Usr4+2+FXLLtq8CsEV0A3DGNxSMVV1w6vKHv:7JzVm9AKQ+5BN/FvKsEOaGxSQ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3be50931f86213b494775d062b3c3360_JaffaCakes118

Files

3be50931f86213b494775d062b3c3360_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

866dd3a97ed98f8b764824b452e6705b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrChrW
StrRChrA
StrCmpNA
StrStrW
StrCatW
StrCmpIW
StrToIntA
StrCmpW
StrStrIA

kernel32

lstrcmpA
CreateThread
CreateMutexA
ResetEvent
ExitThread
GetTickCount
Sleep
WaitForSingleObject
GetModuleFileNameW
SetFilePointer
HeapFree
GetProcessHeap
HeapAlloc
lstrcatA
lstrcpyA
InitializeCriticalSection
HeapDestroy
VirtualProtect
DeleteFileW
CreateProcessW
GetBinaryTypeW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetLastError
CreateDirectoryW
GetTempPathW
lstrcpynA
GetProcAddress
FreeLibrary
LoadLibraryA
HeapCreate
GetUserDefaultLangID
GetLocaleInfoA
GetSystemDefaultLangID
GetVersionExW
Process32NextW
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessA
GetModuleFileNameA
CreateFileA
MultiByteToWideChar
ReadFile
GetFileSize
GetTimeFormatA
GetDateFormatA
FindClose
FindNextFileA
DeleteFileA
UnmapViewOfFile
FindFirstFileA
PulseEvent
CreateEventA
GetModuleHandleW
MapViewOfFile
CreateFileMappingW
LeaveCriticalSection
MoveFileA
EnterCriticalSection
GetModuleHandleA

user32

CreateWindowExW
GetWindowRect
SetTimer
wsprintfA
GetSystemMetrics
DestroyWindow
DispatchMessageW
GetClientRect
ShowWindow
DefWindowProcW
GetMessageW
TranslateMessage
RegisterClassExW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

OleInitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
SysAllocString
SafeArrayUnlock
SafeArrayLock
SysAllocStringByteLen
VariantClear
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

866dd3a97ed98f8b764824b452e6705b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 1024B - Virtual size: 49KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 1024B - Virtual size: 49KB

.reloc
Size: 2KB - Virtual size: 2KB