f838407eebb8b52c7f591357bffe8b3d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f838407eebb8b52c7f591357bffe8b3d_JaffaCakes118
Size

11KB
MD5

f838407eebb8b52c7f591357bffe8b3d
SHA1

8160fbbfd5e82242280a54180eb0d3cf461fa7df
SHA256

97e24f2e5520c57ae8d8e1fe40b3656c1472e425cc403ade5ee0edac1305313c
SHA512

7939521dab1640c1fdb9de6f2bb4fd51314cd034b1e0c963a1dd54b24b832bab4135ff0d28cdb9e592062ad223bcb303de6a72162e517a6f9cc7f76fa77b3138
SSDEEP

192:J/cV80wSenPYpUqqqCXhpYRPEMzqHwJF4j+qfxdQ+TTtp8BQiZK+5oRWAX:dS8XnwpfHCRAPEeqakf0+VEQihLE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Secret Windows functions/Secret.exe

Files

f838407eebb8b52c7f591357bffe8b3d_JaffaCakes118
.rar
Secret Windows functions/Form.frm
Secret Windows functions/Form.frx
Secret Windows functions/Secret.exe
.exe windows:4 windows x86 arch:x86

dfe8cf6360397c5f8364b28701d423c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

MethCallEngine
ord595
EVENT_SINK_AddRef
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord100

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Secret Windows functions/Secret.vbp
Secret Windows functions/Secret.vbw
Secret Windows functions/下载说明.htm
.html .js polyglot