0d69e4fbd0632ea582baa5880d8d9174_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d69e4fbd0632ea582baa5880d8d9174_JaffaCakes118
Size

64KB
MD5

0d69e4fbd0632ea582baa5880d8d9174
SHA1

59bfdc1aa51598d8ddf584fd28d3d04cfa18790c
SHA256

0cc98e3724d1da1b2f6f50d8c2e5e01a33000a89723298037cfe2841e9b3f60e
SHA512

372edc9ddddd31e9ade1a6f7ff09bccbb847817f2f06b20b077dc8dd088b06bc52d5c07f2d4e949acedc859009905862459677c8abbbdb4cc19f90496e09d5dc
SSDEEP

1536:Z3lYHUnr8BcIJyediSvGk133krSVyn+l3a3x:AHILIQCv/6rSni

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d69e4fbd0632ea582baa5880d8d9174_JaffaCakes118

Files

0d69e4fbd0632ea582baa5880d8d9174_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c5c8b0336da62839561175080034a0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaCyVar
__vbaCyErrVar
__vbaBoolVarNull
__vbaAryUnlock
__vbaAryRebase1Var

kernel32

CloseHandle
OpenFileMappingA
FindResourceA
ExitProcess
EnumResourceNamesA

advapi32

LsaEnumerateTrustedDomainsEx
LsaCreateTrustedDomainEx
LsaEnumeratePrivileges

dsound

DirectSoundCaptureEnumerateW
DirectSoundEnumerateW
DirectSoundCaptureCreate8

user32

DrawCaption
LoadIconA
DispatchMessageA
ShowCaret
ShowOwnedPopups
DestroyCaret
CreateIconFromResource
CreateIcon
CharToOemA
wsprintfA
OemToCharW

msvfw32

ord2
ICGetDisplayFormat
DrawDibRealize
DrawDibOpen
DrawDibEnd

Sections

.text
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ