14e005a1a51398895c4bd7056964dd6c_JaffaCakes118 | Triage

Sharing

General

Target

14e005a1a51398895c4bd7056964dd6c_JaffaCakes118
Size

31KB
MD5

14e005a1a51398895c4bd7056964dd6c
SHA1

e13695f3006dad0dbdf2957590cabfb4141fb6f0
SHA256

a2be2bc2c4ca6b92631caf8ca4d8626225af2536d1497d8599cac376837532e2
SHA512

1485371dfb547b83d0e19d3923d53c8ded2bd286a301af45d4337a9bcd4f138a221e6129e0a2b5db01b77180dcf2983c34428e0cb17e57031c79f44a1f186357
SSDEEP

384:DJ8l5JSs4NyyTk3y5l1jB7sBfaOeRu21Dsg+9xT25kx+pNavsMxq/sR1PqSrwbIx:DOl61yN3y5qcZRFKbT2K4+q/MqXM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Draft HAWB.pdf.scr

Files

14e005a1a51398895c4bd7056964dd6c_JaffaCakes118
.rar
Draft HAWB.pdf.scr
.exe windows:4 windows x86 arch:x86

b44701f8584a11ae562a0d5ad30b2cbd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord585
ord696
MethCallEngine
ord513
ord514
ord628
ord662
ord665
ord666
ord591
ord592
ord595
ord708
ord631
ord525
EVENT_SINK_AddRef
ord528
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord714
ProcCallEngine
ord536
ord537
ord646
ord648
ord680
ord683
ord685
ord100
ord687
ord610
ord611

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ