277f5c6a4412fde074b85d4b3c17f40f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

277f5c6a4412fde074b85d4b3c17f40f_JaffaCakes118
Size

246KB
MD5

277f5c6a4412fde074b85d4b3c17f40f
SHA1

996f2bf4826815f20c038ffcd665529b18308d91
SHA256

99f3bbd5f7d47d215370e291ac3ade925d3201403d69843ce28758ccd239c5e1
SHA512

8a2a95a2252972d4f9c577a591ecd282c38fe7b561bdefc0d5cc45f8408786c0ec18a0abaee03ffd0600c4a07742407c6044e551b7f5f1ce3504349fd4c40202
SSDEEP

6144:VabDAFiYDx6D3pGYwwsVFICR3DetQ23wC7FiFWpR+t3+8MggZ8BAvf1xICNu+4fv:n2NBwZ45o3KsIC68

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
277f5c6a4412fde074b85d4b3c17f40f_JaffaCakes118

Files

277f5c6a4412fde074b85d4b3c17f40f_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

fa228ed28db9821e55fb5d3b76b6389a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

IEProxy.pdb

Imports

msvcrt

??2@YAPAXI@Z
memcpy
memset
_amsg_exit
_initterm
free
malloc
_XcptFilter
_errno
??3@YAXPAX@Z

rpcrt4

NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrDllGetClassObject
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrClientCall2
NdrStubForwardingFunction
NdrStubCall2
NdrDcomAsyncClientCall
RpcRaiseException
IUnknown_Release_Proxy
NdrGetUserMarshalInfo

oleaut32

LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserSize
VARIANT_UserMarshal
BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal

ole32

CoUnmarshalInterface
CoMarshalInterface
ReleaseStgMedium
CoGetMarshalSizeMax
CoTaskMemFree
HGLOBAL_UserSize
HGLOBAL_UserFree
HGLOBAL_UserMarshal
HGLOBAL_UserUnmarshal
HDC_UserSize
HDC_UserMarshal
HDC_UserFree
HDC_UserUnmarshal
HMENU_UserUnmarshal
HMENU_UserFree
HMENU_UserMarshal
HMENU_UserSize
HICON_UserSize
HICON_UserMarshal
HICON_UserUnmarshal
HICON_UserFree
HWND_UserSize
HWND_UserFree
HWND_UserMarshal
HWND_UserUnmarshal
CoTaskMemRealloc

kernel32

InterlockedExchange
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GlobalSize
Sleep
GlobalAlloc
GlobalUnlock
GetLastError
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalLock

gdi32

SetMetaFileBitsEx
GetEnhMetaFileBits
GetMetaFileBitsEx
CreatePalette
CreateBitmap
GetPaletteEntries
SetEnhMetaFileBits
GetObjectType
GetObjectA
GetBitmapBits

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa228ed28db9821e55fb5d3b76b6389a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

oleaut32

ole32

kernel32

gdi32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 144KB

.orpc Size: 12KB - Virtual size: 12KB

.data Size: 70KB - Virtual size: 70KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 144KB - Virtual size: 144KB

.orpc
Size: 12KB - Virtual size: 12KB

.data
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB