411eab493cd184eaad634ec8c2ef9eec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

411eab493cd184eaad634ec8c2ef9eec_JaffaCakes118
Size

406KB
MD5

411eab493cd184eaad634ec8c2ef9eec
SHA1

a97d50bb532cf276268561c0a6b3ccbf4b84bf2c
SHA256

ca881a2f986364bd328779e1ba104460bdbc6239d30ca18a6b228700392e322d
SHA512

5bfb87ad10964f683e2bba38ab6eef82fc69e1d78e73f41a8a359b5c7dcb9d1ff28355701ea24d430ceca80aff1ec7fbbf94529ae1107785aca6da2357767ee8
SSDEEP

12288:oOmonx2a60Mq/CV1WZPpVXVMomz5HDYbLshZ:hmkxDwq/CylVtm1DuoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
411eab493cd184eaad634ec8c2ef9eec_JaffaCakes118

Files

411eab493cd184eaad634ec8c2ef9eec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5242fd22b189c8625e6137ce5c2afdfa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtAdjustPrivilegesToken
NtAllocateVirtualMemory

rpcrt4

CStdStubBuffer_CountRefs
CStdStubBuffer_Disconnect
CStdStubBuffer_AddRef
NdrOleAllocate
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
NdrDllGetClassObject
CStdStubBuffer_DebugServerRelease
NdrOleFree
CStdStubBuffer_QueryInterface
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerQueryInterface

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE