0414b1353e1029751e6b96fdc10f281e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0414b1353e1029751e6b96fdc10f281e_JaffaCakes118
Size

28KB
MD5

0414b1353e1029751e6b96fdc10f281e
SHA1

0b57d125195bc168736c2db9dd6ca9ba6c048b72
SHA256

b5c3aefdc4eadad26ec02023fbe74aa3db4d8b15e2328e0bdfb267325cc23b80
SHA512

34c8f5264ec6858b00b3b653d234ad889c3746ddfcac6fa6f78779037f1a9adba8a7296027d72a935516fc317f0066fbe5608a0b427574f7cebc21488b40905d
SSDEEP

192:tIVpFZ2OV9Ntq2IV1IhJPtKVCvloiK2qDCegVJFKmKglTZqGNr8ZxGPMC8tniVAN:tIGODFIb0tK8NKVWegfImK6N8ZoPM13

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0414b1353e1029751e6b96fdc10f281e_JaffaCakes118

Files

0414b1353e1029751e6b96fdc10f281e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cb58fc06cf43cc26c0b2b90e8bcb0baf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls

rpcrt4

CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrProxyErrorHandler
NdrProxyFreeBuffer
NdrConvert
NdrProxySendReceive
NdrConformantStringMarshall
NdrProxyGetBuffer
NdrConformantStringBufferSize
RpcRaiseException
NdrProxyInitialize
CStdStubBuffer_AddRef
NdrConformantStringUnmarshall
NdrStubInitialize
NdrSimpleTypeMarshall
NdrSimpleTypeUnmarshall
NdrClearOutParameters
NdrComplexStructUnmarshall
NdrPointerFree
NdrComplexStructMarshall
NdrComplexStructBufferSize
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrOleFree
NdrStubGetBuffer

msvcrt

_adjust_fdiv
malloc
_initterm
free
memcmp
memset
_except_handler3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.orpc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb58fc06cf43cc26c0b2b90e8bcb0baf

Headers

File Characteristics

Imports

kernel32

rpcrt4

msvcrt

Exports

Exports

Sections

.orpc Size: 8KB - Virtual size: 5KB

.text Size: 4KB - Virtual size: 672B

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 72B

.reloc Size: 4KB - Virtual size: 880B

.orpc
Size: 8KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 672B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 72B

.reloc
Size: 4KB - Virtual size: 880B