104bef86e7e8c51370a7e19b520403b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

104bef86e7e8c51370a7e19b520403b9_JaffaCakes118
Size

24KB
MD5

104bef86e7e8c51370a7e19b520403b9
SHA1

a732eee5206a090f921f5a6e58a7487bc6a20006
SHA256

d1927e841a791b52a3fddee2ed81e1de65e03a8c6eeb94a9e88be5e60db59a47
SHA512

7b1883658e3582a0f6c3863c1e428c7ff9b1164e7654f8959107c2ff02f1a0af0c1d3d1a77efc6682a9d8a24dc13bb3a67f7a02b96ad7de92a06328cdf8a6596
SSDEEP

768:UsvCvu/68M+/Q8T8ugwNrAyrnEhwxpsWMkuT1EZqXSJBnbMhZzHmWfCe3GVk2U0:UsTWXsbCGSr0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
104bef86e7e8c51370a7e19b520403b9_JaffaCakes118

Files

104bef86e7e8c51370a7e19b520403b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2605f3f06b9d41dba9abd8b43e2a13c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mini_installer_full.pdb

Imports

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

lstrlenW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
LocalFree
lstrcatW
GetCommandLineW
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetLongPathNameW
GetTempFileNameW
GetTempPathW
lstrcmpiW
CopyFileW
GetLastError
EnumResourceNamesW
ExitProcess
GetModuleHandleW
FindResourceW
SizeofResource
WriteFile
CreateFileW
LockResource
LoadResource

shell32

CommandLineToArgvW

shlwapi

StrStrW
StrStrIW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25.3MB - Virtual size: 25.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ