darkcomet | 485b273bbcd220d1677e7f8972002d99_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

485b273bbcd220d1677e7f8972002d99_JaffaCakes118
Size

992KB
MD5

485b273bbcd220d1677e7f8972002d99
SHA1

d65217ef3861b57263e3e15afaca0834727ed8de
SHA256

2b0c8f8ba331c56f19fd0f08cbb111d17035836f259a65fee040e52e5b408668
SHA512

a0ad0746285993c89d5a193e3fd7baf1f747a107e6e9562aca93770fcf0c3d9f666c79fdd58bdb7da60614fd554831ca7d6d9b2d3f1382c9aa1794c67989ddf0
SSDEEP

24576:7AEENIq8XwyVPQclDq/+WnTslw0QZh9u:7AEsw722Wn2

Score

10^/10

darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
485b273bbcd220d1677e7f8972002d99_JaffaCakes118

Files

485b273bbcd220d1677e7f8972002d99_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.MPRESS1
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE