984c8e7ac695f9968bcc99bbee6bc344_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

984c8e7ac695f9968bcc99bbee6bc344_JaffaCakes118
Size

272KB
MD5

984c8e7ac695f9968bcc99bbee6bc344
SHA1

08d56c10e70bdf6c2c88b50a76c281ea141b56c3
SHA256

a862ceb0054409b5bdd7dce8ee74a98b4d81d1c3d910596ddb8eeb06922724a8
SHA512

04cb464cfa10f96cd62701c7a054ca657ecc1839cf580f99164342d2b6a95a80c136b7e91af9b5e7216146cb1feea627855071065a6aae6a710ba1f8bcc196f2
SSDEEP

3072:Z3BWcSZ2ShqnTTHQ+4+lB66EdOuqzsi/I14FI+fbeNUJRQ:Z3BWc7nb436EdOzsi/ZI+KNb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
984c8e7ac695f9968bcc99bbee6bc344_JaffaCakes118

Files

984c8e7ac695f9968bcc99bbee6bc344_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d00bdfbf9f57dcbb8a80a384e93f5c3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
RtlUnwind

rpcrt4

NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrProxyErrorHandler
NdrClearOutParameters
NdrProxyFreeBuffer
NdrPointerUnmarshall
NdrConvert
NdrProxySendReceive
NdrOleFree
NdrProxyGetBuffer
NdrSimpleStructBufferSize
RpcRaiseException
NdrProxyInitialize
NdrPointerFree
NdrPointerMarshall
NdrStubGetBuffer
NdrPointerBufferSize
NdrSimpleStructUnmarshall
NdrStubInitialize
NdrInterfacePointerMarshall
NdrInterfacePointerBufferSize
NdrInterfacePointerFree
NdrInterfacePointerUnmarshall
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrSimpleStructMarshall

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.orpc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 834B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d00bdfbf9f57dcbb8a80a384e93f5c3b

Headers

File Characteristics

Imports

kernel32

rpcrt4

Exports

Exports

Sections

.orpc Size: 8KB - Virtual size: 4KB

.text Size: 4KB - Virtual size: 834B

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 44B

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 4KB - Virtual size: 744B

.text Size: 240KB - Virtual size: 240KB

.orpc
Size: 8KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 834B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 44B

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 4KB - Virtual size: 744B

.text
Size: 240KB - Virtual size: 240KB