03b226278a1b50c8a36bb4dc4a7d560c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03b226278a1b50c8a36bb4dc4a7d560c_JaffaCakes118
Size

12KB
MD5

03b226278a1b50c8a36bb4dc4a7d560c
SHA1

61ba3a9ed2641a444d16ab7f33c0478ec161555f
SHA256

e3a4cd42833721ee00c795929884160ec18b60dd866cbfd8ddb101cd63fc41be
SHA512

d2ee6b5c89052c64ea69397267d4ccf46f471331634bd62e2de9510f77327337fd88844333f7a7fcfb4d839f79af07fc9757a9543881587c4cb76186346e1305
SSDEEP

192:T4xrtX0Q8GFmlL57QvgAkmz/UJe9c0UtaI5xu7t9i/dnYoA9wUxkE+AxnUUzAAJc:ExrtEQNmRlGzMJDN5ci/dk9wfEJxUU0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03b226278a1b50c8a36bb4dc4a7d560c_JaffaCakes118

Files

03b226278a1b50c8a36bb4dc4a7d560c_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

7a0e342fa3c5f85c7b22d6a935ac33da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathAppendW
StrStrIW

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
SysAllocString

ole32

CoInitializeEx

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW

kernel32

MultiByteToWideChar
CreateFileW
WriteFile
CloseHandle
ReadFile
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetProcessHeap
HeapFree
SystemTimeToFileTime
HeapAlloc
GetSystemTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ