dd738570d4f9b5086bd241b1bcb4370e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd738570d4f9b5086bd241b1bcb4370e_JaffaCakes118
Size

32KB
MD5

dd738570d4f9b5086bd241b1bcb4370e
SHA1

624d52befafd2532bad45195d2d01781a5f74842
SHA256

e75f24e91a906b84cd5d5cbdeab1fa33843869f22f25f216bbf1348b44855062
SHA512

9a7be806271ed6a40e86c7067845517c1af424ed285742b91ef8a50d118b338d5e40a0f655e980f31d612f04260e883d87c8a29017689e493e72e359c19bca67
SSDEEP

192:Ub31rznHUjz3SmGzcJp7VSCxUOJiZ6lUFDROUxXfBbVZ87h7JwaBjcNK8qjykm5G:UrtzaMm/l8dQ7EaBjyKFekmcwbU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd738570d4f9b5086bd241b1bcb4370e_JaffaCakes118

Files

dd738570d4f9b5086bd241b1bcb4370e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e7f5d751665b8baa6d44b5027fec6814

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

NdrProxySendReceive
NdrOleAllocate
NdrProxyErrorHandler
NdrProxyFreeBuffer
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrConformantStringMarshall
NdrProxyGetBuffer
NdrConformantStringBufferSize
RpcRaiseException
NdrConvert
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrStubInitialize
NdrClearOutParameters
IUnknown_AddRef_Proxy
NdrPointerFree
NdrPointerMarshall
NdrPointerBufferSize
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_CountRefs
NdrPointerUnmarshall
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
NdrProxyInitialize
NdrStubGetBuffer
NdrConformantStringUnmarshall

user32

wsprintfA

kernel32

GetModuleFileNameA
lstrlenA
lstrcatA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueA
RegCloseKey

msvcrt

_except_handler3
memcmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.orpc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 209B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7f5d751665b8baa6d44b5027fec6814

Headers

File Characteristics

Imports

rpcrt4

user32

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.orpc Size: 8KB - Virtual size: 6KB

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 209B

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 936B

.orpc
Size: 8KB - Virtual size: 6KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 209B

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 936B