4199ff383bef552a815e1f0e17132f45_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4199ff383bef552a815e1f0e17132f45_JaffaCakes118
Size

260KB
MD5

4199ff383bef552a815e1f0e17132f45
SHA1

e01b60a13aff6c5da268a0fab24fae0009085c88
SHA256

c6e2438972c64a8cdce1d4f5e77ec33c50b2ba680b7f833c39f5e3a3077870cd
SHA512

1aaeb8c70e7ef9d6726811fee063dc7d4197647586674f57079e9aee4649239ae5f0fb7926747236289fb0efca53e41cad73974a0be54fc08414a977bbaba084
SSDEEP

1536:GuoLidM9M+ER5aeMK6LWEf3BQTGKkowxAs0RWyk05QlVDajX5w6LaeV/TRQ8G:YLXrEPBMK6qoxi5QzE9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4199ff383bef552a815e1f0e17132f45_JaffaCakes118

Files

4199ff383bef552a815e1f0e17132f45_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ecfb7f2185392039069971ccae4d4bd7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrClientCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 4KB - Virtual size: 470B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ