cff02a3c09f231cdabe1a505609a703f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cff02a3c09f231cdabe1a505609a703f_JaffaCakes118
Size

273KB
MD5

cff02a3c09f231cdabe1a505609a703f
SHA1

28d429d13ab42a50de5a7fb97387964046122531
SHA256

900f4418cc8af9d7334bcfde5b4ce9674f99216264850b21dc5ee50e29eb6d50
SHA512

7e61ca1665c3128056e70d89ee79650350329ea7e8b6c4a68d46e72e5f318203257da440286c3459874a572a224923072578a3d2a279a573f2da99b7efe24908
SSDEEP

3072:s3aQIURTXJEkfo1O4xmqIN3Br7OBKBmFUretayQp9c4/1fpgsjf0Udzq7ydZefB1:VsKTCqITrTdKtq5/DgsjfzekAGizEMZR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cff02a3c09f231cdabe1a505609a703f_JaffaCakes118

NSIS installer 1 IoCs

resource	yara_rule
sample	nsis_installer_2

Files

cff02a3c09f231cdabe1a505609a703f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fde8fc6d89a103269a91db9a550eb922

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\install\release\obj\i386\SandboxieInstall.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
wcscpy

kernel32

GetExitCodeProcess
GetCommandLineW
GetStartupInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FindResourceW
SizeofResource
LoadResource
LockResource
GetTempPathW
GetTickCount
CreateFileW
WriteFile
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryW
ExitProcess
Sleep
DeleteFileW
GetProcessHeap
WaitForSingleObject
CreateProcessW
HeapAlloc
GetStartupInfoW

user32

wsprintfW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ