0ceb869dbbf80ca2e12207ed278a3d31_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ceb869dbbf80ca2e12207ed278a3d31_JaffaCakes118
Size

97KB
MD5

0ceb869dbbf80ca2e12207ed278a3d31
SHA1

448595410d8e958f47151e6e88479fed1052edfd
SHA256

9b86016847190e4ba396876436cb18793d35f514df5c0bab60a3c8dc3b316d9d
SHA512

07561beb6bf5df1aceda415b153bcad76f34cb3dd0cafbe05f764dd32e145e1da7fd38a74f3c25fd1eb17e4a36e8b3e023b06f9e78a1ab2b83794eca8e8157bc
SSDEEP

3072:TkS5DSVAF0k38GzPmaZljxWXp9uZVqVUD1UgouQk:TkiF0k38GPmaXGp9uzCUa6b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ceb869dbbf80ca2e12207ed278a3d31_JaffaCakes118

Files

0ceb869dbbf80ca2e12207ed278a3d31_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ffb39e3872063a748ff1c73a778b5717

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

NdrPointerMarshall
NdrDllRegisterProxy
NdrDllGetClassObject
NdrConformantArrayBufferSize
NdrAllocate
NdrUserMarshalMarshall
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
NdrDllUnregisterProxy
NdrOleFree
RpcRaiseException
NdrSimpleStructMarshall
NdrConformantArrayUnmarshall
NdrOleAllocate
NdrPointerUnmarshall
CStdStubBuffer_QueryInterface
NdrConvert
NdrInterfacePointerBufferSize
NdrSimpleStructBufferSize
NdrInterfacePointerUnmarshall
NdrPointerBufferSize
NdrConformantArrayMarshall
NdrSimpleTypeUnmarshall
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
NdrSimpleTypeMarshall
NdrProxyInitialize
NdrCStdStubBuffer2_Release
NdrStubCall2
NdrUserMarshalUnmarshall
IUnknown_QueryInterface_Proxy
NdrProxySendReceive
NdrUserMarshalFree
CStdStubBuffer_DebugServerRelease
NdrProxyFreeBuffer
NdrSimpleStructUnmarshall
NdrInterfacePointerFree
NdrCStdStubBuffer_Release
NdrConformantStringUnmarshall
NdrConformantStringBufferSize
NdrUserMarshalBufferSize
NdrStubInitialize
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrProxyGetBuffer
NdrProxyErrorHandler
NdrPointerFree
IUnknown_AddRef_Proxy
NdrClearOutParameters
NdrInterfacePointerMarshall
NdrStubGetBuffer
NdrStubForwardingFunction
CStdStubBuffer_Connect
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
NdrConformantStringMarshall

ntdll

RtlLargeIntegerShiftRight
NtAllocateVirtualMemory
LdrGetDllHandle

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcess
DisableThreadLibraryCalls
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId

msvcrt

free
_initterm
_except_handler3
_adjust_fdiv
malloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 333KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffb39e3872063a748ff1c73a778b5717

Headers

File Characteristics

Imports

rpcrt4

ntdll

kernel32

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 333KB - Virtual size: 928KB

.rdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 69KB - Virtual size: 68KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 333KB - Virtual size: 928KB

.rdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 69KB - Virtual size: 68KB

.reloc
Size: 512B - Virtual size: 20B