406eb6427299cb76076bf7469e178f40_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

406eb6427299cb76076bf7469e178f40_JaffaCakes118
Size

512KB
MD5

406eb6427299cb76076bf7469e178f40
SHA1

843ff02b7f4ffafc3e31f9baed0f6b26176d0d34
SHA256

1ea6ab39312fdf492c72bde3367c22eca2d53a8b0c5cfc0dc676ec6e827c0c1a
SHA512

9fe875c755f07cf9d7199c6549859ef45473ad75a0eb2f102d7fdfcf83dc028f2270bdd39aeea40eec95831ff8da3da1ebc5fe930cdc4f6b1229439db66c788f
SSDEEP

12288:492CYbQuIK7GcxpzSDkF11ryFGEsMD1i:48bRIK7GcxpziOccExx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
406eb6427299cb76076bf7469e178f40_JaffaCakes118

Files

406eb6427299cb76076bf7469e178f40_JaffaCakes118
.exe windows:4 windows x86 arch:x86

874e5453527f2c8d6ed8db8360ddd845

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord693
ord661
ord632
ord525
EVENT_SINK_AddRef
DllFunctionCall
ord673
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
ord574
ord100
ord610
ord617
ord546
ord581

Sections

.text
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ