8645707c15c4eb76aa0dae611ac34d17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8645707c15c4eb76aa0dae611ac34d17_JaffaCakes118
Size

139KB
MD5

8645707c15c4eb76aa0dae611ac34d17
SHA1

988ebe25e4aee8d8766f1bff49089035fb337b8a
SHA256

9877ed48db2677bd7ddb2eba85ff55a636c2fb8225648ae4e78860c4072cb8d7
SHA512

b9ade50c8bae404f6880b2f575e4a4845842d8f1237129556ae975f53da7f02ddae6f1fb2cc48172d4ebda21216f215c4750c0cd877654fe8bfae9cc972645bf
SSDEEP

3072:AE58v3BLDdwCqrlzqVBQFxXepi86SpiBJdC2d/xZF3vdB8/PYNsozyF:z54xPdwCURqVBmxXepi8xpiXdC2d/xZd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8645707c15c4eb76aa0dae611ac34d17_JaffaCakes118

Files

8645707c15c4eb76aa0dae611ac34d17_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

9eb7faca0d50f09bbc1682fc9fe84a74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

catsrvps.pdb

Imports

kernel32

DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrProxyErrorHandler
NdrClearOutParameters
NdrProxyFreeBuffer
RpcRaiseException
NdrConvert
NdrProxySendReceive
NdrProxyGetBuffer
NdrProxyInitialize
NdrStubGetBuffer
NdrStubInitialize
NdrPointerUnmarshall
NdrPointerMarshall
NdrSimpleStructMarshall
NdrPointerBufferSize
NdrPointerFree
NdrSimpleStructUnmarshall
NdrSimpleTypeMarshall
NdrSimpleTypeUnmarshall
NdrConformantStringMarshall
NdrConformantStringBufferSize
NdrConformantStringUnmarshall
NdrUserMarshalUnmarshall
NdrUserMarshalMarshall
NdrUserMarshalBufferSize
NdrConformantArrayMarshall
NdrConformantArrayBufferSize
NdrConformantArrayUnmarshall
NdrUserMarshalFree
NdrInterfacePointerMarshall
NdrInterfacePointerBufferSize
NdrInterfacePointerFree
NdrInterfacePointerUnmarshall
NdrStubCall2
NdrSimpleStructBufferSize
NdrAllocate

msvcrt

free
_initterm
malloc
_adjust_fdiv
_except_handler3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 683B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9eb7faca0d50f09bbc1682fc9fe84a74

Headers

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

rpcrt4

msvcrt

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 74KB

.orpc Size: 1024B - Virtual size: 683B

.data Size: 57KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 75KB - Virtual size: 74KB

.orpc
Size: 1024B - Virtual size: 683B

.data
Size: 57KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB