493fecfe2ba307763af1cf8e8e61a57d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

493fecfe2ba307763af1cf8e8e61a57d_JaffaCakes118
Size

415KB
MD5

493fecfe2ba307763af1cf8e8e61a57d
SHA1

c8b4cfb7dc460634a3fda7ce2c7b2aed3257b9e2
SHA256

e4f49ea1aa8d147f0ccfef6551d0372b7909ff4505171686e7e59324fa088ad1
SHA512

96aed6b7f1c092b1e8c131f2b2fae7b6bc0e77994a1a28d32adf066b6e347d2787777157ebe153314b5ccc7b0c4a265d092883e33a9df08785a927cbf23705bc
SSDEEP

12288:zfHfcKCRCtYoJ0LvAYlo7J//OsQY069X8Wjc8GGf2:zsJIHWM1u3oYef2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
493fecfe2ba307763af1cf8e8e61a57d_JaffaCakes118

Files

493fecfe2ba307763af1cf8e8e61a57d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4922a1d4dcd0fa5c50c399b66ea19b12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

NdrUserMarshalUnmarshall
NdrDllGetClassObject
NdrStubGetBuffer
IUnknown_Release_Proxy
NdrConformantStringUnmarshall
NdrUserMarshalFree
NdrOleFree
NdrClearOutParameters
IUnknown_QueryInterface_Proxy
NdrSimpleTypeUnmarshall
NdrDllCanUnloadNow
NdrStubInitialize
CStdStubBuffer_Disconnect
NdrProxyErrorHandler
NdrSimpleStructUnmarshall
NdrDllUnregisterProxy
NdrStubForwardingFunction
NdrPointerUnmarshall
NdrProxyGetBuffer
NdrConformantArrayBufferSize
NdrInterfacePointerFree
NdrConformantStringMarshall
NdrAllocate
NdrConformantStringBufferSize
NdrPointerFree
NdrPointerBufferSize
NdrInterfacePointerUnmarshall
RpcRaiseException
NdrInterfacePointerBufferSize
NdrProxyInitialize
CStdStubBuffer_DebugServerQueryInterface
NdrConvert
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrPointerMarshall
NdrUserMarshalBufferSize
NdrProxySendReceive
NdrConformantArrayMarshall
NdrConformantArrayUnmarshall
NdrInterfacePointerMarshall
NdrProxyFreeBuffer
NdrUserMarshalMarshall
CStdStubBuffer_CountRefs
NdrSimpleTypeMarshall
NdrStubCall2
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrSimpleStructMarshall
NdrSimpleStructBufferSize
CStdStubBuffer_IsIIDSupported
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
IUnknown_AddRef_Proxy

msvcrt

_initterm
free
_adjust_fdiv
_except_handler3
malloc

kernel32

GetCurrentProcessId
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcess
GetTickCount
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime

ntdll

NtAllocateVirtualMemory
LdrGetDllHandle
RtlLargeIntegerToChar

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4922a1d4dcd0fa5c50c399b66ea19b12

Headers

File Characteristics

Imports

rpcrt4

msvcrt

kernel32

ntdll

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 28KB - Virtual size: 928KB

.rsrc Size: 320KB - Virtual size: 320KB

.reloc Size: 512B - Virtual size: 20B

.rdata Size: 53KB - Virtual size: 52KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 28KB - Virtual size: 928KB

.rsrc
Size: 320KB - Virtual size: 320KB

.reloc
Size: 512B - Virtual size: 20B

.rdata
Size: 53KB - Virtual size: 52KB