27ab11c83834e73f2bb2005157bb2fc8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27ab11c83834e73f2bb2005157bb2fc8_JaffaCakes118
Size

316KB
MD5

27ab11c83834e73f2bb2005157bb2fc8
SHA1

f7d95a32d3deb22694224c78456c06f29f85c55c
SHA256

aaa98b8ea39287dd2989af2adc052d6da203827f078c8ea33c0fa6ba0a7f9c16
SHA512

ff91400976f6313a0283664cba4d19a7d305b0098b21538e1fe83730b63e63e9979ce2e9e548c612d5ea4f448de35e9a0e2ec1fe38591e96b3f41ee34ca74e01
SSDEEP

6144:XG4jV3vZFlL3Mma4EOhOi4b6ODCukvG0N6qjB3Mb1kRYyiMGQdKb7HvnyqHPi:2+Zx7L3na4tt47DMOWZS1bbn5aCi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QUTATION.scr

Files

27ab11c83834e73f2bb2005157bb2fc8_JaffaCakes118
.rar
QUTATION.scr
.exe windows:4 windows x86 arch:x86

7803494b71db81c483fa333e96a7959c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord694
MethCallEngine
ord519
ord628
ord629
ord553
ord666
ord594
ord595
ord525
ord526
EVENT_SINK_AddRef
ord527
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord713
ord608
ord537
ord644
ord539
ord646
ord575
ord685
ord100
ord687
ord616
ord617
ord619
ord543
ord546

Sections

.text
Size: 524KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ