081f0440d7ecb5f6d2279dc118f8e885_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

081f0440d7ecb5f6d2279dc118f8e885_JaffaCakes118
Size

96KB
MD5

081f0440d7ecb5f6d2279dc118f8e885
SHA1

682eb9a74820cf8c255e67b060f21875043e20de
SHA256

ccaae78793b6e80221062148cf4840ff4319dd4370d6eba84edcd4de1dd6cd44
SHA512

181c65d00c82346373e95687c4b3881c66445eca77a9faaa20842e2ebd5c5db779e969f4922d00d9bcd92b245b3d422e4770805e0bd4f580f0811d3b55496a49
SSDEEP

1536:GrZtaewPBaF79KuUbYLSA5FZowbh3zinqf5liI:GDahPBarKpbqSAhVbhDIqfh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
081f0440d7ecb5f6d2279dc118f8e885_JaffaCakes118

Files

081f0440d7ecb5f6d2279dc118f8e885_JaffaCakes118
.exe windows:4 windows x86 arch:x86

375c7402f8748b0ff0440c4212cdf8d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

msvbvm60

__vbaVarSub

Sections

pec1
Size: 22KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE