33f4c6d91e99cde8b2031ab570111eb6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33f4c6d91e99cde8b2031ab570111eb6_JaffaCakes118
Size

8KB
MD5

33f4c6d91e99cde8b2031ab570111eb6
SHA1

d794fc5f06e6f56ba8b6ca332d0a90cf2689900a
SHA256

90161d91d79edca6fc07e61604abb1ee26dd0a3f3b1d4d72bc8efdadb3db1af8
SHA512

a4a66ccc543985ae749233a78fb6af1379e131a81f06b52282b501d5a05f697a4143ce5fd1843f38733fb530ebd3703a8a98513282d0c1a40c90b7805de8b7af
SSDEEP

96:GFDaKuDcjwVhHhJx0xebj+F4H8PGm40csXdyVwmc01MYmaCqaGuhMVKevpLAKvIn:G09rh90y+agwzBc0qUuhMkeZAKvIkK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33f4c6d91e99cde8b2031ab570111eb6_JaffaCakes118

Files

33f4c6d91e99cde8b2031ab570111eb6_JaffaCakes118
.dll .js regsvr32 windows:4 windows x86 arch:x86 polyglot

46a42d98d05ccb46f41c85ad19c4d900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathAppendW
StrStrIW

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
VariantInit

ole32

CoInitializeEx

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW

kernel32

WriteFile
LoadLibraryW
ReadFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
SystemTimeToFileTime
GetProcessHeap
GetProcAddress
GetSystemTime
HeapFree
CloseHandle
HeapAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ