3394af81ca2610f48eb340e0928dedbe_JaffaCakes118 | Triage

Sharing

General

Target

3394af81ca2610f48eb340e0928dedbe_JaffaCakes118
Size

2.2MB
MD5

3394af81ca2610f48eb340e0928dedbe
SHA1

d6de8bb9e6addd622fb29b022839213f08f84117
SHA256

f89b7f82797ec36512fdc8e6f1138a5d29a886c8149ddf95d1a632ea3b331142
SHA512

e03d7c43126ddf9066a473c1d751162525d6afda5db682c2b297958636ff9ecc072806fc4ee259696acc56e51e577214c6727c3ab46af3d3efd9cf8ceb02840e
SSDEEP

49152:nvbuxLWJfdCWMjAsKCJ4WakL6wZ0iBG4YnNRG3L2pGKPcClCdVA7J:n8CUDjAWJ4WmsjsnfwKPcgKA7J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/astroraidinstall.exe

Files

3394af81ca2610f48eb340e0928dedbe_JaffaCakes118
.rar
astroraidinstall.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot