bddac6734113933176bc4e433a54f38f_JaffaCakes118 | Triage

Sharing

General

Target

bddac6734113933176bc4e433a54f38f_JaffaCakes118
Size

1.7MB
MD5

bddac6734113933176bc4e433a54f38f
SHA1

ccf4ad1f2d817eb616a2cfaf8ee763a52c0ede07
SHA256

fbb08ff9e6a51c47f957c10817fcc92030279dff398bd5a493faab81cb55e755
SHA512

4de34b8caec96e1fe755068ef3737a93f25b95b6311e654acb4912abda93a31216fba95b2966ff2bfceffe6f42ee4d955fc916fa48eff4447c2f072acf832515
SSDEEP

49152:k/f1h2PvL6TrW3R8sZQ3QYQ7DY9IpaTXhedw7:k31h2P8r25S3IpaTXIdw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bddac6734113933176bc4e433a54f38f_JaffaCakes118

NSIS installer 1 IoCs

resource	yara_rule
sample	nsis_installer_2

Files

bddac6734113933176bc4e433a54f38f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fde8fc6d89a103269a91db9a550eb922

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\install\release\obj\i386\SandboxieInstall.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
wcscpy

kernel32

GetExitCodeProcess
GetCommandLineW
GetStartupInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FindResourceW
SizeofResource
LoadResource
LockResource
GetTempPathW
GetTickCount
CreateFileW
WriteFile
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryW
ExitProcess
Sleep
DeleteFileW
GetProcessHeap
WaitForSingleObject
CreateProcessW
HeapAlloc
GetStartupInfoW

user32

wsprintfW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ