398b47d464bc311c3fa12a61a1ad2c7b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

398b47d464bc311c3fa12a61a1ad2c7b_JaffaCakes118
Size

1.5MB
MD5

398b47d464bc311c3fa12a61a1ad2c7b
SHA1

b9d2e98695a88b0ddafb2215c0f581c31a9347e2
SHA256

51969eb40bc3bc9efdd3fb6ab5d3b61324c0c68eab9a569451ad44e69702d086
SHA512

f38858a3ab96a21847ed67ae2478115e2a337a9cb2a6f6e97520daae9359d66625bdcbe76b872f9a62616be264a454a265d9a4b8359d91d37d779817a69f48e2
SSDEEP

49152:PoWAEDrDq/dC7v8HpPy33vciiCB8VZ2V4n:r8/87v8HG3pio8VZ2y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
398b47d464bc311c3fa12a61a1ad2c7b_JaffaCakes118

Files

398b47d464bc311c3fa12a61a1ad2c7b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1bbe1fb39303e98db7498b66f5cc8360

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
LockResource
ExitProcess

user32

ShowWindow

msvbvm60

ord696
ord697
MethCallEngine
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord717
ProcCallEngine
ord644
ord100

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ