3c438d2c2c96fc019438ca437bf0d6b7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3c438d2c2c96fc019438ca437bf0d6b7_JaffaCakes118
Size

463KB
MD5

3c438d2c2c96fc019438ca437bf0d6b7
SHA1

95c857253ad5da38c744a4c4cea2571c0b9fd75e
SHA256

8c056bd0936b856a651c10cd8bd98dcb172c5330c2943d65877e4a62f498442e
SHA512

727fa29f29fa4352175fac75d17a646dbf823aaaf43102ae4a1362b5676246cfb647234fc411d29b55226a0b6b7dfb4a90d4415987d8bd89b4c0807bd28a1def
SSDEEP

6144:ytnpTzqsaj+W7Vz3DwIDAqVP7uAwecP0Bw9W5fXtMaVR1XUkWskRRYNj7GM+hbe:y90fSW7ljUu7bwL0Bd5ftVTA6NT+zf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c438d2c2c96fc019438ca437bf0d6b7_JaffaCakes118

Files

3c438d2c2c96fc019438ca437bf0d6b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

103ecc87d3020a2a4f4ce920b808d867

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlLargeIntegerShiftRight
NtAllocateVirtualMemory
LdrGetDllHandle

kernel32

GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
GetTickCount
SetUnhandledExceptionFilter
GetCurrentProcess

rpcrt4

NdrSimpleStructBufferSize
NdrUserMarshalUnmarshall
NdrConformantStringBufferSize
NdrDllCanUnloadNow
NdrOleAllocate
NdrConformantStringUnmarshall
NdrInterfacePointerUnmarshall
NdrDllRegisterProxy
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerRelease
NdrProxyInitialize
NdrUserMarshalBufferSize
RpcRaiseException
NdrUserMarshalFree
NdrPointerBufferSize
NdrDllGetClassObject
NdrConformantArrayBufferSize
NdrStubInitialize
NdrUserMarshalMarshall
NdrInterfacePointerMarshall
NdrSimpleTypeUnmarshall
NdrConformantArrayUnmarshall
NdrAllocate
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrStubGetBuffer
CStdStubBuffer_QueryInterface
NdrInterfacePointerFree
NdrStubForwardingFunction
NdrConformantArrayMarshall
CStdStubBuffer_DebugServerQueryInterface
NdrSimpleStructUnmarshall
NdrConformantStringMarshall
CStdStubBuffer_Connect
NdrOleFree
NdrPointerMarshall
NdrProxyErrorHandler
NdrProxySendReceive
CStdStubBuffer_Disconnect
NdrConvert
NdrCStdStubBuffer_Release
NdrPointerUnmarshall
NdrDllUnregisterProxy
NdrClearOutParameters
NdrProxyGetBuffer
NdrPointerFree
NdrStubCall2
NdrProxyFreeBuffer
NdrSimpleStructMarshall
CStdStubBuffer_AddRef
NdrInterfacePointerBufferSize
NdrSimpleTypeMarshall
CStdStubBuffer_Invoke

msvcrt

malloc
_adjust_fdiv
_initterm
free
_except_handler3

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 371KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

103ecc87d3020a2a4f4ce920b808d867

Headers

File Characteristics

Imports

ntdll

kernel32

rpcrt4

msvcrt

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 371KB - Virtual size: 976KB

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 371KB - Virtual size: 976KB

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 512B - Virtual size: 20B