Static task
static1
Behavioral task
behavioral1
Sample
270e6c70f479ff5b2aef6e5422908ff1_JaffaCakes118.exe
Resource
win7-20240704-en
General
Target: 270e6c70f479ff5b2aef6e5422908ff1_JaffaCakes118
Size: 1.5MB
MD5: 270e6c70f479ff5b2aef6e5422908ff1
SHA1: 23355063c4415fa24f115c57c9fb81ac6c0e4183
SHA256: f2bb4841e6b19d120f11b076774ad4700e7010c1f4d4bb8fb1ee8b834183c90b
SHA512: 789a5760559fbc2757d8382fb31392b640673be211cee93c4bcb9a95a465b05b222f3fe14abb72947a4984193019065843825ad5a807597fc5f86281844d2acf
SSDEEP: 24576:mfOyotfeirQIpaFaH1v1ydiGhuGxxjk3pppn8LbYt4/9WeQN7of0bDgq2yjUs2U2:mGnpbaFc+iGTk3pp+bF8HbUfyj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 270e6c70f479ff5b2aef6e5422908ff1_JaffaCakes118
Files
270e6c70f479ff5b2aef6e5422908ff1_JaffaCakes118.exe windows:4 windows x86 arch:x86
99749c71fd33f6023e06aa18f796ce53
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteA
SHGetSpecialFolderPathA
shlwapi
StrChrIA
StrStrA
kernel32
GetCurrentDirectoryA
lstrcpyA
lstrcatA
WriteFile
Sleep
SizeofResource
RtlZeroMemory
LockResource
CloseHandle
CopyFileA
CreateFileA
ExitProcess
FindResourceA
GetModuleHandleA
GetTickCount
GetVersion
LoadResource
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE