Static task: static1
Behavioral task: behavioral1
Sample: 26986c6c7e504cfa5c15e6ea62b564c2_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 26986c6c7e504cfa5c15e6ea62b564c2_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 26986c6c7e504cfa5c15e6ea62b564c2_JaffaCakes118
Size: 281KB
MD5: 26986c6c7e504cfa5c15e6ea62b564c2
SHA1: 84ee092f7cd28ec38b9beec7a2e1cef3317452a9
SHA256: 3292cfac66e6ea40730f2ece5304be54c8726b91ae4de6cea91379f336744825
SHA512: 65e640586360449a46fa6b0dc75fe36efac635e9df5c29347d08b5b7e9eb7434bd74710170bb893db6b471736572eac333e136b5eedd6213a9af0311c8d607f0
SSDEEP: 3072:F9Iquy1puQZ2PsSbYY5AYMYYCmkrVkxfPVsbYNn+rbnc5ayWYUQE6p/t/Bxi53kT:luW2zMlYELpBBxsl25Auo0/gTcKGX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26986c6c7e504cfa5c15e6ea62b564c2_JaffaCakes118
Files
26986c6c7e504cfa5c15e6ea62b564c2_JaffaCakes118.exe windows:1 windows x86 arch:x86
2ed0b6e28b1e742765ef39a145eeeeec
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
CreateFileA
DeleteFileA
ExitProcess
WriteFile
GetCommandLineA
lstrcatA
GetTempFileNameA
GetTempPathA
crtdll
_mkdir
_getcwd
shell32
ShellExecuteA
shlwapi
PathQuoteSpacesA
PathAddBackslashA
user32
wsprintfA
Sections
.flat Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.code Size: 512B - Virtual size: 393B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE