6775ff8fda7d645778241ee442f76676_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6775ff8fda7d645778241ee442f76676_JaffaCakes118
Size

79KB
MD5

6775ff8fda7d645778241ee442f76676
SHA1

e5b2db261b99cba9e7e7b0d72b3bcbdbd38326c3
SHA256

48e8b6f48aa70a1763074224b9e72778198e63860ea87f4af84b0853c09e7abd
SHA512

04567b4916a8a122bbf66a7aa7882bee7245d5d3d7feb82c75f759ddd1ffa2d4c6470dc1204665edb4d9c6e4407ba90526ca236a39b477a1edd12a206042b739
SSDEEP

1536:cXsTWXB3UfxhISjzst5uF6gs5KEQx19l3eeuz4+Z7cNVFPjoodlu8W30rvnL:8XB3WrIonF6Ng3x19ZbaKFMoPuH3ST

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6775ff8fda7d645778241ee442f76676_JaffaCakes118

Files

6775ff8fda7d645778241ee442f76676_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2605f3f06b9d41dba9abd8b43e2a13c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mini_installer_full.pdb

Imports

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

lstrlenW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
LocalFree
lstrcatW
GetCommandLineW
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetLongPathNameW
GetTempFileNameW
GetTempPathW
lstrcmpiW
CopyFileW
GetLastError
EnumResourceNamesW
ExitProcess
GetModuleHandleW
FindResourceW
SizeofResource
WriteFile
CreateFileW
LockResource
LoadResource

shell32

CommandLineToArgvW

shlwapi

StrStrW
StrStrIW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25.4MB - Virtual size: 25.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ