975ce7ff59e6e1668f639d77d2efb0a8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

975ce7ff59e6e1668f639d77d2efb0a8_JaffaCakes118
Size

399KB
MD5

975ce7ff59e6e1668f639d77d2efb0a8
SHA1

e9fbee414dc38849a2028196dabb233f953f5b07
SHA256

512bb2a447e76276245b8c753d271f9a6ec5a482eadb45f28da2177936a01055
SHA512

2c8d67c305fd0e81d45c58ddbea80a8c85e9c367d371eda981ffafdaf11cc2c03fc760e7420557645a33885a8386e975cb5c1437be046a93566ef7457fb4ad5d
SSDEEP

3072:f2mUj2nDsNSToMb06HryEI2MnirCWDxBE8i5Em1lSDuH/8RPKocs0hcbbgznd95c:ZRy5y6OrXrhNtkRkkmfZ4X4/bR4wzgE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
975ce7ff59e6e1668f639d77d2efb0a8_JaffaCakes118

Files

975ce7ff59e6e1668f639d77d2efb0a8_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

8c34bb0a9891c8a2115a7950b99e1e79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

IEProxy.pdb

Imports

msvcrt

memcpy
_XcptFilter
malloc
free
_initterm
_amsg_exit
_adjust_fdiv

rpcrt4

NdrDllRegisterProxy
NdrOleFree
NdrCStdStubBuffer2_Release
NdrGetUserMarshalInfo
RpcRaiseException
NdrStubForwardingFunction
NdrStubCall2
NdrClientCall2
NdrOleAllocate
NdrCStdStubBuffer_Release
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrDllUnregisterProxy

oleaut32

LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
LPSAFEARRAY_UserFree

ole32

HGLOBAL_UserSize
HBITMAP_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserMarshal
HBITMAP_UserSize
CoTaskMemRealloc
CoTaskMemFree
HDC_UserFree
HDC_UserUnmarshal
HDC_UserMarshal
HDC_UserSize
HGLOBAL_UserMarshal
HGLOBAL_UserUnmarshal
HGLOBAL_UserFree
HACCEL_UserSize
HACCEL_UserMarshal
HACCEL_UserUnmarshal
HACCEL_UserFree
HMENU_UserSize
HMENU_UserMarshal
HMENU_UserUnmarshal
HICON_UserSize
HICON_UserMarshal
HICON_UserUnmarshal
HICON_UserFree
HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree
HMENU_UserFree

kernel32

Sleep
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
DisableThreadLibraryCalls

user32

IsWindowEnabled
EnableWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c34bb0a9891c8a2115a7950b99e1e79

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

oleaut32

ole32

kernel32

user32

Exports

Exports

Sections

.text Size: 209KB - Virtual size: 208KB

.orpc Size: 9KB - Virtual size: 8KB

.data Size: 30KB - Virtual size: 30KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 29KB

.text Size: 118KB - Virtual size: 120KB

.text
Size: 209KB - Virtual size: 208KB

.orpc
Size: 9KB - Virtual size: 8KB

.data
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 29KB

.text
Size: 118KB - Virtual size: 120KB