a16b4a9b2694438634b3cbe4fdef4e74_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a16b4a9b2694438634b3cbe4fdef4e74_JaffaCakes118
Size

385KB
MD5

a16b4a9b2694438634b3cbe4fdef4e74
SHA1

3294c2e58e2e7d7987137442e7952aa82266d59a
SHA256

729c3d4610707382998913af92f83d618304e25133f6082583e69a2c63b5784a
SHA512

c40011e281ce69468b2562f343ac2b22bad87bc780f7c047aa25410e80d34152a98b0c8952aaf2f311059c11a1bd769da098603e6bc5c445ecbbee7f714a5a8e
SSDEEP

12288:t5iFfUNMumsSlPGfAJr4+mdtoIOb/IOxL:GFBumsSl+oZXXxL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CIRCULAR 3655 DICULCIÓN SNR PRESUNTA FALSEDAD NOTARIAL EN ALGUNAS ESCRITURAS.exe

Files

a16b4a9b2694438634b3cbe4fdef4e74_JaffaCakes118
.rar
CIRCULAR 3655 DICULCIÓN SNR PRESUNTA FALSEDAD NOTARIAL EN ALGUNAS ESCRITURAS.exe
.exe windows:4 windows x86 arch:x86

3dec89b8fb9c3c6b71e8ec1b2fc79aab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord588
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord553
ord662
ord666
Zombie_GetTypeInfo
ord593
ord300
ord594
ord301
ord303
ord304
ord598
ord306
ord520
ord307
ord309
ord631
ord632
ord526
EVENT_SINK_AddRef
ord528
ord560
ord561
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord310
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
ord712
ord607
ord608
ord531
ord716
ord717
ord319
ord534
ProcCallEngine
ord644
ord537
ord645
ord570
ord576
ord685
ord100
ord610
ord320
ord612
ord321
ord617
ord619
ord542
ord543
ord544
ord545
ord547

Sections

.text
Size: 884KB - Virtual size: 880KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ