44da27ee14a57dcc6542c005e969fcc1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44da27ee14a57dcc6542c005e969fcc1_JaffaCakes118
Size

102KB
MD5

44da27ee14a57dcc6542c005e969fcc1
SHA1

d5b4824e8bdc2b86b8ed396dd57966ca3806431a
SHA256

54edfa3922c0e4ff86c66763859bc1bdcf25a0f4f2439fb1a4acf02058e2cede
SHA512

70205bc22020222bfc779d288530a85d689ee5b1ccb54976e010b377d474a8b04ff406647d83a1da51b5ef9c3da50954decb144f067b8d4b19f00cbfc3f225db
SSDEEP

3072:MObwXVdLjo831/JIxkifKSlgIQSW1PL9:MObQHv1hUlQ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44da27ee14a57dcc6542c005e969fcc1_JaffaCakes118

Files

44da27ee14a57dcc6542c005e969fcc1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7533050f6c2449dfa609ec4d15e59a44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RequestWakeupLatency
LoadLibraryExA
EnumCalendarInfoW
GetTapeParameters
MapUserPhysicalPages
GetProcAddress
IsBadReadPtr

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Jgpmkml
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 98KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ