5ea1a4d150c5a4ec7e881320e5dc3b63_JaffaCakes118 | Triage

Sharing

General

Target

5ea1a4d150c5a4ec7e881320e5dc3b63_JaffaCakes118
Size

18KB
MD5

5ea1a4d150c5a4ec7e881320e5dc3b63
SHA1

55907786880c5e87f6492c0bb30982f4a1a4b751
SHA256

0661b9344cf5b37d235b4a4145c7da3a089605f3df146b5e1ba37c662cdbe7f8
SHA512

e20bfcec15a8344cda7d7a2a91545bfd98cfc4e32c254f88ab6846640449d5046a3b31922af06f6eb39611c6e8e924d6c6d329ba647306ec30dadc05f32aff76
SSDEEP

384:NcbFPayevMhczTnOyRKPJOmSFwz06obqJ+Nd8asFbfwBJhzmcc7:DygMhczzOyRKPJOmSFwz0PqoNd0oJlu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ea1a4d150c5a4ec7e881320e5dc3b63_JaffaCakes118

Files

5ea1a4d150c5a4ec7e881320e5dc3b63_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

5e8e8a91384a6f922fb129b922d40cfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIW
PathAppendW
StrStrW

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
SysAllocString

ole32

CoInitializeEx

advapi32

RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW

kernel32

GetProcAddress
LoadLibraryW
WriteFile
SystemTimeToFileTime
CloseHandle
GetProcessHeap
CreateFileW
GetModuleFileNameW
GetSystemTime
MultiByteToWideChar
HeapFree
HeapAlloc
ReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ