86594e6242fa0abfdc3377bca5d95ea9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86594e6242fa0abfdc3377bca5d95ea9_JaffaCakes118
Size

119KB
MD5

86594e6242fa0abfdc3377bca5d95ea9
SHA1

ac6aa701f7b386ed3af66ba825734eba9d3db576
SHA256

e140ce72213f5cd9f6f087641e0d2a21a7eb0b657364a39aafd09cdc2ac05b2b
SHA512

4a1c3756d2be34e71a0c5c314d73f69f6234af9d34c65635923b9cb7e519b8c10d9b025110d31e6baf20a8c685e30364550eb56a02217c8719fa8840c6ede0c7
SSDEEP

3072:A0S7oBSRVS/tcINVQ8CIKAEtodQ9HbyX/skQRbXGrwT:PSstDNWI7kodMbpkQRDGrwT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86594e6242fa0abfdc3377bca5d95ea9_JaffaCakes118

Files

86594e6242fa0abfdc3377bca5d95ea9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b7bcce95af1b192628e97b634a6f9640

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallWindowProcA

kernel32

GetProcAddress
LoadLibraryA

msvbvm60

DllFunctionCall
__vbaExceptHandler
ProcCallEngine
ord644
ord100

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ