48c04d61db189d0f17acb6279883cb11_JaffaCakes118 | Triage

Sharing

General

Target

48c04d61db189d0f17acb6279883cb11_JaffaCakes118
Size

140KB
MD5

48c04d61db189d0f17acb6279883cb11
SHA1

3f45274f866db07a421f0f1ed1b2425a63d5261f
SHA256

a0fc7ea2c2605eca9d23af32dca7ab02bcc6fcde6a9bc9cc5a6bfae96a6e7342
SHA512

e5a9b1deb89a1cb2ae28c46528403f3c3f5560265de36e41c61dd6cbb57db3c421b71cb5dc0d302a5c38ed7cff3d9a34c1596381eebc968422a2ede850e25fc4
SSDEEP

3072:mZySsuuj+3Yy4ByhvxGTQbBlVwoMWzmYg65u5:mAxuu+o5oRBlzMT/6I5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48c04d61db189d0f17acb6279883cb11_JaffaCakes118

Files

48c04d61db189d0f17acb6279883cb11_JaffaCakes118
.exe windows:4 windows x86 arch:x86

25b225a6ccfd64f53b31c7931f49674d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord516
ord626
ord669
ord593
ord594
ord595
ord596
ord598
ord631
ord526
ord529
DllFunctionCall
ord563
ord600
__vbaExceptHandler
ord711
ord607
ord608
ord717
ProcCallEngine
ord537
ord644
ord570
ord648
ord572
ord573
ord578
ord685
ord100
ord616
ord618
ord581

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sect
Size: 108KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE