34ddd904f37f707c561c838622824efb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34ddd904f37f707c561c838622824efb_JaffaCakes118
Size

26KB
MD5

34ddd904f37f707c561c838622824efb
SHA1

8a124f220a21e965f8ee671f9e1dab3f424771fe
SHA256

499048524aa40079e180796c6a58bcee0c35a8bc69f9665f5e422f3e98bcef0b
SHA512

e4764ef578c904b9226bf1f8dcdd1bbc294cb9d39648ddb6d36500d3b7310992f50dc57ebcc103712985f79505c237d332119e4df5e6f6ae2077e2d375db2c08
SSDEEP

384:+K4Ay8J6ZAN56RtfTvOVS9Pg/RxSYA2kmr390Q6VIsWTfDkTnXP:+Pb8SleSAXkqsVIRD2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34ddd904f37f707c561c838622824efb_JaffaCakes118

Files

34ddd904f37f707c561c838622824efb_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

e44645b021253859e41334c3c07050b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ahadmin.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter

kernel32

DisableThreadLibraryCalls
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange

rpcrt4

NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy

oleaut32

LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
LPSAFEARRAY_UserFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.orpc
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e44645b021253859e41334c3c07050b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

rpcrt4

oleaut32

Exports

Exports

Sections

.orpc Size: 1024B - Virtual size: 551B

.text Size: 18KB - Virtual size: 17KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 2KB

.orpc
Size: 1024B - Virtual size: 551B

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 2KB