256b4a3a5b32f69aab48e5b57fe487ba_JaffaCakes118 | Triage

Sharing

General

Target

256b4a3a5b32f69aab48e5b57fe487ba_JaffaCakes118
Size

18KB
MD5

256b4a3a5b32f69aab48e5b57fe487ba
SHA1

3ca83e9af4728b53a601eca54683d2967f1e7530
SHA256

6124f6ffbc4c0d0a10dfdb506a9e273fdcfaaaad51f90416fc8396dbd10571e8
SHA512

1659c0303a4c079412cc97f63227068ec5e69e51b77f1d507cde1f8b8dcca6489323c1620a76024618d173e4f508b8993a0fce60d29a20398880ab91345227f0
SSDEEP

192:SrRaezg6/ouXHER6y1RsjkbkKEmYmux0uAjuVVKJFuZNwY+g8kaCEW1kCUMU0r+:SMj6/RyX2kbjJY55Inh3kXBW0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
256b4a3a5b32f69aab48e5b57fe487ba_JaffaCakes118

Files

256b4a3a5b32f69aab48e5b57fe487ba_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

041be06c16a093581b6ae72fdf37df70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIW
PathAppendW
StrStrW

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
SysAllocString

ole32

CoInitializeEx

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFolderPathW

kernel32

LoadLibraryW
WriteFile
SystemTimeToFileTime
GetProcAddress
GetProcessHeap
CreateFileW
GetModuleFileNameW
CloseHandle
GetSystemTime
MultiByteToWideChar
HeapFree
HeapAlloc
ReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ