117a07715b2980fa8a847b8327ea188c_JaffaCakes118

General

Target

117a07715b2980fa8a847b8327ea188c_JaffaCakes118
Size

104KB
MD5

117a07715b2980fa8a847b8327ea188c
SHA1

dceb21bcb8ec25ae056f806e6ac18790aa694536
SHA256

3355fb1af5a9ddb43f4ae77f6d4a5ff8dce35ed3fa0de1efd38a8517cf7e67f9
SHA512

df888bfadc68d4bf7c06ae5bf90f9c651a86ade8717925e94ad40fa43f434eb46b1af1fe153cc3edee636f4114ffba62a42ffd5a9a98b1d562c458688b4b5939
SSDEEP

1536:271TUhGHGLTzpe9arHl0a89R8cOLgYxBY/Hzmbn0cLVr3G+dIHJ91:271vm7Hp0h6LgYDwmn0cF3GMIH1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
117a07715b2980fa8a847b8327ea188c_JaffaCakes118

Files

117a07715b2980fa8a847b8327ea188c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7bc10e00361d01af3980e944d6493510

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\rpcomproxy\rel32\rpcomproxy.pdb

Imports

ole32

GetRunningObjectTable
CreateItemMoniker

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

CharNextA
GetSystemMetrics
wsprintfW

msvcr71

free
realloc
sprintf
malloc
_stricmp
__dllonexit
_onexit
__security_error_handler
_except_handler3
_initterm
_adjust_fdiv
__CppXcptFilter
_vsnprintf
atol
strrchr
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
strchr
printf
_putenv

kernel32

GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
SetErrorMode
QueryPerformanceCounter
ExitProcess
GetCurrentProcessId
IsBadReadPtr
LoadLibraryA
FreeLibrary
GetProcAddress
GetEnvironmentVariableA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bc10e00361d01af3980e944d6493510

Headers

File Characteristics

PDB Paths

Imports

ole32

advapi32

user32

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 56KB - Virtual size: 52KB

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 56KB - Virtual size: 52KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 4KB - Virtual size: 3KB