2f5d47f64c8944a28f4884995740c2c5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f5d47f64c8944a28f4884995740c2c5_JaffaCakes118
Size

12KB
MD5

2f5d47f64c8944a28f4884995740c2c5
SHA1

45f0c9c0c11c1db054ffa171fc189eb783276e06
SHA256

912800d28fe0a570a7864b5aedd243eb5c449d30bcfa478aacd0e49c42c1a4c0
SHA512

f4d1762f3f7168531e0deaaf5d8aea47df855b9c32b44da3bae955e28a70fd6664e8999c8f08f182ce75b8f3bd7ebdd34c0e8b7f186d3808fb4b18d707b738b1
SSDEEP

192:mKzyERHUMrR45dF/CnSiPtfu6pXtc6OOYsCxoqwMrwiS+q5dnR02QWrdUN7A:DyWHUQO/kWEa6OOYboZiS+q5d/cN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f5d47f64c8944a28f4884995740c2c5_JaffaCakes118

Files

2f5d47f64c8944a28f4884995740c2c5_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

042374f5bf3104a5d0b38b5ac2a4ef38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathAppendW
StrStrIW

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
SysAllocString

ole32

CoInitializeEx

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW

kernel32

CreateFileW
WriteFile
GetProcessHeap
MultiByteToWideChar
LoadLibraryW
GetSystemTime
GetModuleFileNameW
GetProcAddress
HeapFree
SystemTimeToFileTime
HeapAlloc
CloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ