0fb42d67ae8de1da77e61eddf13f159b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fb42d67ae8de1da77e61eddf13f159b_JaffaCakes118
Size

415KB
MD5

0fb42d67ae8de1da77e61eddf13f159b
SHA1

63126ce354105526b8dd09e9af2ce665eb08d420
SHA256

acf970505370f51cd17b2d23f3679a1ea4c456321d56d4ed7d1d07046e280a03
SHA512

5a00836a7dc70efc6f26fd145ba70f3f24fdce340a538f5648820f2095fbedd5670070e1d5ef38b5bc09b71f072120bde65147a0ab6d3b9722c209f8c7e25a00
SSDEEP

12288:gS9/JV68L9v60EPzt3moZ8Hgo0yWm2AtL5By:g6JV1ZLezRmogO9Apu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fb42d67ae8de1da77e61eddf13f159b_JaffaCakes118

Files

0fb42d67ae8de1da77e61eddf13f159b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9114e46ebf0df793d1521278a8946797

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

NdrProxyInitialize
NdrCStdStubBuffer2_Release
NdrProxyGetBuffer
NdrUserMarshalFree
NdrStubInitialize
CStdStubBuffer_QueryInterface
NdrDllGetClassObject
NdrSimpleStructUnmarshall
NdrStubGetBuffer
NdrOleAllocate
CStdStubBuffer_CountRefs
NdrDllRegisterProxy
NdrOleFree
IUnknown_Release_Proxy
NdrConformantStringBufferSize
NdrConformantStringUnmarshall
NdrConformantArrayBufferSize
NdrInterfacePointerMarshall
NdrPointerFree
NdrUserMarshalBufferSize
CStdStubBuffer_DebugServerQueryInterface
NdrPointerUnmarshall
NdrUserMarshalMarshall
NdrCStdStubBuffer_Release
NdrPointerBufferSize
CStdStubBuffer_Invoke
NdrUserMarshalUnmarshall
NdrSimpleTypeUnmarshall
IUnknown_AddRef_Proxy
NdrSimpleTypeMarshall
NdrInterfacePointerFree
CStdStubBuffer_Disconnect
NdrDllUnregisterProxy
NdrSimpleStructBufferSize
CStdStubBuffer_DebugServerRelease
NdrConformantArrayMarshall
NdrInterfacePointerUnmarshall
NdrConformantArrayUnmarshall
NdrPointerMarshall
NdrClearOutParameters
NdrStubForwardingFunction
NdrSimpleStructMarshall
NdrProxySendReceive
NdrProxyErrorHandler
NdrConvert
NdrProxyFreeBuffer
NdrAllocate
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
NdrStubCall2
NdrConformantStringMarshall
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
NdrInterfacePointerBufferSize
CStdStubBuffer_AddRef
RpcRaiseException

ntdll

LdrGetDllHandle
RtlLargeIntegerToChar
NtAllocateVirtualMemory

kernel32

UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
DisableThreadLibraryCalls
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetTickCount
TerminateProcess
GetCurrentProcessId

msvcrt

malloc
free
_adjust_fdiv
_except_handler3
_initterm

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9114e46ebf0df793d1521278a8946797

Headers

File Characteristics

Imports

rpcrt4

ntdll

kernel32

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 28KB - Virtual size: 928KB

.rsrc Size: 320KB - Virtual size: 320KB

.reloc Size: 512B - Virtual size: 20B

.rdata Size: 53KB - Virtual size: 52KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 28KB - Virtual size: 928KB

.rsrc
Size: 320KB - Virtual size: 320KB

.reloc
Size: 512B - Virtual size: 20B

.rdata
Size: 53KB - Virtual size: 52KB