074b7170f82d4d70cb31703c96392d67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

074b7170f82d4d70cb31703c96392d67_JaffaCakes118
Size

11KB
MD5

074b7170f82d4d70cb31703c96392d67
SHA1

563976935e60785a90f91f2c03b0760987319898
SHA256

d82cff10cd16166aa8952ca46e8f94823959ebd97b2d30b2cdc346f610479707
SHA512

a15dd7ffa0e3d3bcf5bc0bef9f9ffb11ec137c5235cd0272ae3f4213ca2679a4ea22979b7d93a5b9a88cea3990a483c27921b8b71f7912c7a1842fb5a9234ba1
SSDEEP

96:Xus2nTibeZn/ircdumhCI2nCjS/vjwRKcj3LbGSB3XAyU+OqKzAHQSOg+EXMVtC+:XusKT9ZKgMmCyLbGSB3X6rqoA0iky2R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
074b7170f82d4d70cb31703c96392d67_JaffaCakes118

Files

074b7170f82d4d70cb31703c96392d67_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

92ccef2cdf4306b29fb3f75240fa8f56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

rpcrt4

CStdStubBuffer_AddRef
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_QueryInterface

oleaut32

BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree

msvcr90

__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_malloc_crt
_adjust_fdiv
_amsg_exit
memcmp
_encode_pointer
_initterm_e
free
_encoded_null
_decode_pointer
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 135B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92ccef2cdf4306b29fb3f75240fa8f56

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

oleaut32

msvcr90

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.orpc Size: 512B - Virtual size: 135B

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 696B

.text
Size: 2KB - Virtual size: 2KB

.orpc
Size: 512B - Virtual size: 135B

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 696B