14a67a0182df117e8de6ae7a3b597491_JaffaCakes118

General

Target

14a67a0182df117e8de6ae7a3b597491_JaffaCakes118
Size

68KB
MD5

14a67a0182df117e8de6ae7a3b597491
SHA1

cab591f7253eb93425b589ad6535615c56dece97
SHA256

190a8d27201844dc530fa9e3f65662c73e656565118f0203845877e125c6f8a8
SHA512

005174519c0a533aa0dedfe120f94768ba383c137acaedb1d76afb2e6d6870d827f2d743af63bddbef5f8a6e15c84a4e1ba3da98f42daedc5d45636d503a0605
SSDEEP

1536:U0SWMVj/bHj3yMb0RwwPUsNf7tZ7+GqWqIvttM11JX:jSWuD3CMcwwzBtB+bCy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14a67a0182df117e8de6ae7a3b597491_JaffaCakes118

Files

14a67a0182df117e8de6ae7a3b597491_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

0f56b8937e95671802fc6e97e3d5661a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winrssrv.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter

rpcrt4

CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
DisableThreadLibraryCalls

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.orpc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f56b8937e95671802fc6e97e3d5661a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

kernel32

Exports

Exports

Sections

.orpc Size: 512B - Virtual size: 184B

.text Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 57KB - Virtual size: 57KB

.orpc
Size: 512B - Virtual size: 184B

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 57KB - Virtual size: 57KB