7432285bc6b69a3bc802b33381c45ed6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7432285bc6b69a3bc802b33381c45ed6_JaffaCakes118
Size

134KB
MD5

7432285bc6b69a3bc802b33381c45ed6
SHA1

a00ef7bc9bb07ba2aefae316f07f554f74a90e19
SHA256

4a4a99f65544276dff38bb4f4cca2655610cefa547e78930b8d6cd55a36e3c53
SHA512

d54aa8f0b87eb5778d37af2880e6c7c4282181c122fac074dc697cfb4314d80a5fc7ec060e31076c3a3ee58712c612fbb50e4cde851adbdc86b0a3b182d5f330
SSDEEP

1536:MN92VD+9w43avW+QB5n14nirNQl0XvPgEuRT:A929INLF4ncNQ0wEuRT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7432285bc6b69a3bc802b33381c45ed6_JaffaCakes118

Files

7432285bc6b69a3bc802b33381c45ed6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

03b5f3ac05dad2d480ae9e9f281c0579

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ZB6\Workspace\ZBEX_Project_6_7_0\zbr\Bin\ReleaseMinDependency\Symbols\ZbProxyStub.pdb

Imports

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
NdrStubCall2
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrStubForwardingFunction
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrCStdStubBuffer_Release

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_encode_pointer
_malloc_crt
_encoded_null
free
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter

kernel32

QueryPerformanceCounter
InterlockedExchange
Sleep
InterlockedCompareExchange
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
DisableThreadLibraryCalls

ole32

HMENU_UserSize
HDC_UserUnmarshal
HDC_UserFree
HMENU_UserFree
HDC_UserMarshal
HDC_UserSize
HMENU_UserUnmarshal
HICON_UserFree
HICON_UserUnmarshal
HACCEL_UserSize
HACCEL_UserFree
HICON_UserMarshal
HACCEL_UserUnmarshal
HACCEL_UserMarshal
HICON_UserSize
HGLOBAL_UserSize
HGLOBAL_UserFree
HGLOBAL_UserMarshal
HGLOBAL_UserUnmarshal
HWND_UserSize
HWND_UserFree
HWND_UserMarshal
HWND_UserUnmarshal
HMENU_UserMarshal

oleaut32

VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserSize
VARIANT_UserMarshal
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03b5f3ac05dad2d480ae9e9f281c0579

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

msvcr80

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.orpc Size: 7KB - Virtual size: 6KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 19KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 3KB - Virtual size: 2KB

.orpc
Size: 7KB - Virtual size: 6KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB