7d19fab97873af7f80264fc7b2296b95_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d19fab97873af7f80264fc7b2296b95_JaffaCakes118
Size

1.2MB
MD5

7d19fab97873af7f80264fc7b2296b95
SHA1

08ec2884183619d2ea29e7d41f9b182ba33b4045
SHA256

32f5b9b6d2f335afa04e7c5e01cf59baa2ae3c4aa870a920b6d26ac0b089742b
SHA512

66c17260e33e890c51d79657fb8e74f85669483fab5c4d3d90b214d572e9c0ae5bcfcb4d4b215f329c30b5ed32733cab93a3d768669d9abc2142141416069c70
SSDEEP

384:bIvil5aVcHB1fCXJNr4TXLjiVvHoElXeFxxz+J/WfBowS0FEpc0BYjh0I5+cOj6u:Ci1h1fC/r87e9ZGx1G/+1H+R6NU/LF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/PaymentSlip034.doc.scr

Files

7d19fab97873af7f80264fc7b2296b95_JaffaCakes118
.iso
out.iso
.iso
PaymentSlip034.doc.scr
.exe windows:4 windows x86 arch:x86

259fb311c8277395d047497096658069

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord696
ord514
ord518
ord556
ord665
ord666
ord524
ord525
EVENT_SINK_AddRef
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord531
ord532
ProcCallEngine
ord645
ord538
ord646
ord570
ord685
ord100
ord541
ord651

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ