3717768988cf3585f1c4e33667b6d18a_JaffaCakes118 | Triage

Sharing

General

Target

3717768988cf3585f1c4e33667b6d18a_JaffaCakes118
Size

7.0MB
MD5

3717768988cf3585f1c4e33667b6d18a
SHA1

814eee79a1f977d4f75deceee2a2de62227654c8
SHA256

45229cf510020ceda3e6fc04f1bac36a81d9eab96494124293a4d515c3f72325
SHA512

8bf62e54f5ab75227aa221c8acfc36f99fb3547db583395d872d8b0e6a0823f1f2d5fc8f98cf765a50df50387b53070ac426894b824b92abadb1cb5cd3e3d04c
SSDEEP

196608:DVqMI3pt+qVO5Pqj7Xrk2q9j8SaAwVHu/k/pHrIxx:D3Y6qn/7Bq5t6Hu/kBkxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3717768988cf3585f1c4e33667b6d18a_JaffaCakes118

Files

3717768988cf3585f1c4e33667b6d18a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca474b90b2eba8932d1d759e0dd6d272

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mini_installer_full.pdb

Imports

shell32

CommandLineToArgvW

shlwapi

StrStrIW
StrStrW

kernel32

lstrlenW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
LocalFree
lstrcatW
GetCommandLineW
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetLongPathNameW
GetTempFileNameW
GetTempPathW
lstrcmpiW
CopyFileW
GetLastError
EnumResourceNamesW
ExitProcess
GetModuleHandleW
FindResourceW
SizeofResource
WriteFile
CreateFileW
LockResource
LoadResource

advapi32

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25.0MB - Virtual size: 25.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ