16f047768f636ab4643c367b3fd31211_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16f047768f636ab4643c367b3fd31211_JaffaCakes118
Size

337KB
MD5

16f047768f636ab4643c367b3fd31211
SHA1

61152c0b4ea10b4d851506eea285eaa3adb2fc29
SHA256

e56b5cfb81c48d331fba3c57a2c0ba7e2b25fb6347834e74c32e2233c592ff60
SHA512

1df72d1be285f9ec5dbbfc0d095db1d2f9df21e3a80667545be02c60b984dfdfdd12cf304ef9ac6335254251fbb4d9770df3ddc9a04a22f72b711230d002a74e
SSDEEP

3072:E2mUj2nDsNSToMb06HryEI2MnirCWDxBE8iFEm1lSDuH/8RPKocs0hcbbgznd95O:KRW5i6OrXrhNtkR3kEn6bEgf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16f047768f636ab4643c367b3fd31211_JaffaCakes118

Files

16f047768f636ab4643c367b3fd31211_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

8c34bb0a9891c8a2115a7950b99e1e79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

IEProxy.pdb

Imports

msvcrt

memcpy
_XcptFilter
malloc
free
_initterm
_amsg_exit
_adjust_fdiv

rpcrt4

NdrDllRegisterProxy
NdrOleFree
NdrCStdStubBuffer2_Release
NdrGetUserMarshalInfo
RpcRaiseException
NdrStubForwardingFunction
NdrStubCall2
NdrClientCall2
NdrOleAllocate
NdrCStdStubBuffer_Release
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrDllUnregisterProxy

oleaut32

LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
LPSAFEARRAY_UserFree

ole32

HGLOBAL_UserSize
HBITMAP_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserMarshal
HBITMAP_UserSize
CoTaskMemRealloc
CoTaskMemFree
HDC_UserFree
HDC_UserUnmarshal
HDC_UserMarshal
HDC_UserSize
HGLOBAL_UserMarshal
HGLOBAL_UserUnmarshal
HGLOBAL_UserFree
HACCEL_UserSize
HACCEL_UserMarshal
HACCEL_UserUnmarshal
HACCEL_UserFree
HMENU_UserSize
HMENU_UserMarshal
HMENU_UserUnmarshal
HICON_UserSize
HICON_UserMarshal
HICON_UserUnmarshal
HICON_UserFree
HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree
HMENU_UserFree

kernel32

Sleep
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
DisableThreadLibraryCalls

user32

IsWindowEnabled
EnableWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c34bb0a9891c8a2115a7950b99e1e79

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

oleaut32

ole32

kernel32

user32

Exports

Exports

Sections

.text Size: 209KB - Virtual size: 208KB

.orpc Size: 9KB - Virtual size: 8KB

.data Size: 86KB - Virtual size: 86KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 209KB - Virtual size: 208KB

.orpc
Size: 9KB - Virtual size: 8KB

.data
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 29KB