Static task: static1
Behavioral task: behavioral1
  Sample: 2b27f89f434249776055420be079067b_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2b27f89f434249776055420be079067b_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 2b27f89f434249776055420be079067b_JaffaCakes118
Size: 268KB
MD5: 2b27f89f434249776055420be079067b
SHA1: 4e25b993b98993ed11c8984d93d4e50185faa087
SHA256: f710ddc4e530a72e1d9c603de6454e5d88e7cb1ec1806ed2b3a14a966649572f
SHA512: 4d63ae67d8d41ed01528f03fc7a88d2e30b956b6f434fc0e66423fe9cd53ac958c5f40b7db0ac37ec27cf277987b5738b79b547841d410f5dc5838080605415f
SSDEEP: 3072:HrZRboECEWMoUGbUIhG1VUgs6zO5QXGNoSCE5lbYeyAJI7+WflgvNTUA7TpD:BoUWth6Ugs6zHzelce0+o+NYA9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2b27f89f434249776055420be079067b_JaffaCakes118
Files
2b27f89f434249776055420be079067b_JaffaCakes118.exe windows:4 windows x86 arch:x86
63af7ae5fee2829ed6656756b1a16803
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  LoadLibraryA
winmm
  mciSendStringA
user32
  LoadIconA
msvbvm60
  ord696
  ord697
  MethCallEngine
  ord517
  ord519
  ord557
  ord666
  ord667
  ord593
  ord594
  ord595
  ord520
  ord709
  ord631
  ord632
  ord525
  ord526
  EVENT_SINK_AddRef
  ord560
  ord561
  DllFunctionCall
  EVENT_SINK_Release
  EVENT_SINK_QueryInterface
  __vbaExceptHandler
  ord608
  ord531
  ord716
  ord717
  ProcCallEngine
  ord644
  ord537
  ord681
  ord576
  ord685
  ord100
  ord610
  ord616
  ord617
  ord618
  ord652
  ord580
  ord581
Sections
.text Size: 132KB - Virtual size: 130KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 6KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 132KB - Virtual size: 152KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE