fa066a3834958f2e5e872468501a405d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fa066a3834958f2e5e872468501a405d_JaffaCakes118
Size

234KB
MD5

fa066a3834958f2e5e872468501a405d
SHA1

4d23ec690d32f6ae35ff5be05b21613b38cb5cf3
SHA256

31efd378cd39672c3ce414cea95871e688f998ea87c64af84a1af52abc0b297d
SHA512

524aae48fb1ea5ce147a9862a28c238ebf6ca2493efbc6ce9ff75e47984b369bf0bdbdae5954209fb167c8932353fb2e7128fc719443722bf9f511f17a6c5192
SSDEEP

3072:FpJBOCAZPuBghHEwoci6TKQh8pDb4v5wO6AZ+z5/z420lesuiYyo4jecgC4t:RBO5P3hkNci6OFa+9/z42mexyo9cg9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa066a3834958f2e5e872468501a405d_JaffaCakes118

Files

fa066a3834958f2e5e872468501a405d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

26c9396428e5f5b519fced904433c5dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\WinRAR\RarExt\build\32\Release\rarext.pdb

Imports

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageA
ord8

kernel32

GetFullPathNameA
GetFullPathNameW
DeleteFileA
DeleteFileW
CreateDirectoryA
GetVersionExA
GetModuleFileNameA
GetLocaleInfoA
GetNumberFormatA
WideCharToMultiByte
ExpandEnvironmentStringsA
WaitForSingleObject
lstrcpynW
lstrcpynA
FindResourceA
LoadLibraryExA
CompareStringA
GetCurrentProcess
Sleep
SystemTimeToFileTime
MultiByteToWideChar
IsDBCSLeadByte
GetCPInfo
GetTempPathA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
HeapSize
InitializeCriticalSectionAndSpinCount
GetVersion
GetStartupInfoA
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapDestroy
HeapCreate
VirtualAlloc
VirtualFree
DeleteCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement
GetFileAttributesW
GetFileAttributesA
GetModuleHandleA
GetDriveTypeA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
GetProcessHeap
GetLastError
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
GetProcAddress
FreeLibrary
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetCommandLineA
GetCurrentThreadId
LeaveCriticalSection
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
RaiseException
GetSystemTimeAsFileTime
SetStdHandle
EnterCriticalSection

user32

OemToCharA
CharUpperW
CharLowerW
CharLowerA
LoadStringA
GetWindowRect
SetWindowPos
GetWindowTextA
GetSystemMetrics
GetWindow
GetClassNameA
CharToOemA
GetWindowLongA
SetWindowTextA
wsprintfW
GetSysColor
LoadImageA
SendDlgItemMessageA
CharUpperA
SetDlgItemTextA
wsprintfA
SetWindowLongA
GetDlgItemTextA
GetClientRect
BeginPaint
EndPaint
CreatePopupMenu
InsertMenuItemA
InsertMenuItemW
GetParent
InvalidateRect
GetDC
SendMessageA
ReleaseDC
ShowWindow
GetDlgItem

gdi32

GetObjectA
CreateCompatibleDC
GetPixel
SetPixel
DeleteDC
TextOutA
CreatePen
CreateSolidBrush
SetTextColor
Polygon
Polyline
DeleteObject
SelectObject
GetTextFaceA
GetTextMetricsA
CreateFontA
GetDeviceCaps

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

DragQueryFileA
ShellExecuteExA
SHGetPathFromIDListA
DragQueryFileW

ole32

ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ExtAddNames
ExtGetCommandString
ExtInvokeCommand
ExtProcessDrop
ExtQueryContextMenu
ExtSetDestFolder

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

26c9396428e5f5b519fced904433c5dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 28KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 9KB - Virtual size: 8KB

.rmnet Size: 96KB - Virtual size: 96KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 28KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 9KB - Virtual size: 8KB

.rmnet
Size: 96KB - Virtual size: 96KB