JaffaCakes118_64554fc1f802fe055ca7e58c63ae0e29

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_64554fc1f802fe055ca7e58c63ae0e29
Size

100KB
MD5

64554fc1f802fe055ca7e58c63ae0e29
SHA1

0ee6f0fb812dd4ac8571e074ed85c116b927f9c5
SHA256

df20f3a3bb923cfdf37fe130f4b83051bc5876b21b228c8c1a87ec6c27ef4b1e
SHA512

78f60bc16098b7d00e0387ed37fcd62307ab83e97336412e60bb30bb519f701988e2aa843af1cee414fd6c13c632554af23f06a752b85c56c424bbed87ff7ca3
SSDEEP

3072:g6ukmULDxlbUP/4gQXAgg7ggs/wgADZUTFGV09nx20+MQxsc8Ai8zV+nfSxcbjTX:g69JAiU6x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_64554fc1f802fe055ca7e58c63ae0e29

Files

JaffaCakes118_64554fc1f802fe055ca7e58c63ae0e29
.dll regsvr32 windows:4 windows x86 arch:x86

d00bdfbf9f57dcbb8a80a384e93f5c3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
RtlUnwind

rpcrt4

NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrProxyErrorHandler
NdrClearOutParameters
NdrProxyFreeBuffer
NdrPointerUnmarshall
NdrConvert
NdrProxySendReceive
NdrOleFree
NdrProxyGetBuffer
NdrSimpleStructBufferSize
RpcRaiseException
NdrProxyInitialize
NdrPointerFree
NdrPointerMarshall
NdrStubGetBuffer
NdrPointerBufferSize
NdrSimpleStructUnmarshall
NdrStubInitialize
NdrInterfacePointerMarshall
NdrInterfacePointerBufferSize
NdrInterfacePointerFree
NdrInterfacePointerUnmarshall
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrSimpleStructMarshall

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.orpc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 834B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d00bdfbf9f57dcbb8a80a384e93f5c3b

Headers

File Characteristics

Imports

kernel32

rpcrt4

Exports

Exports

Sections

.orpc Size: 8KB - Virtual size: 4KB

.text Size: 4KB - Virtual size: 834B

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 44B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 734B

.text Size: 68KB - Virtual size: 68KB

.orpc
Size: 8KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 834B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 44B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 734B

.text
Size: 68KB - Virtual size: 68KB