4c9fbe570ee4899b4f42512e8a3465ae_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c9fbe570ee4899b4f42512e8a3465ae_JaffaCakes118
Size

36KB
MD5

4c9fbe570ee4899b4f42512e8a3465ae
SHA1

1f7fc0ef1d198e962b541d6e386cbc4eb87dd3ed
SHA256

4ac68d9b3c6fb3a59d00f3720eec21e618267c161cba0fc42b4f1d7f0138f1a5
SHA512

cf1af2c76874015944df7ffdb45925242f46774ad392690ea0c1c02510d27bc27741ba02e38467c1298d0525daa6aa0a99a39e2afdc9ae6f286e506976c4fd68
SSDEEP

384:kp5vIQavwRLiGOJGILPEIoTA14DVi7vKDksXpT/f9Zztj7C0y3qT3cV:kppIQavkiGsEIOVqq5T9Zztj7Czb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c9fbe570ee4899b4f42512e8a3465ae_JaffaCakes118

Files

4c9fbe570ee4899b4f42512e8a3465ae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

35619aeed498cdf3457b52fdf648a2aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

$$$$$$60

ord621
ord516
ord595
ord598
ord631
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord717
ProcCallEngine
ord644
ord570
ord100
ord616

Sections

.TEXT
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DATA
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.r2rc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ