8ba9a378f58a0ef67e98c64c9eac6d33_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ba9a378f58a0ef67e98c64c9eac6d33_JaffaCakes118
Size

96KB
MD5

8ba9a378f58a0ef67e98c64c9eac6d33
SHA1

0edbcd9374900baa9f9b99f60b94e2a19da6ca5d
SHA256

1706a1e73fb3bcedf494c4ddf5f5984f11c7bfcf3f32b6403b364c16da6d2779
SHA512

5072eb05d0ee730fa04ff4dfffc338d12f6549fc2a7196a3c9509c56118f4e2353410a6933677ee3b7a2b87df338a4559b6e9c868883b2577c6d219bad2d6622
SSDEEP

1536:Eai5TuMQWzYh8rwpuVN3Iaz/QfT26fsCdrUf9xbQsq78ACjA:RiY9t8rwpEQfbdeQt7jh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ba9a378f58a0ef67e98c64c9eac6d33_JaffaCakes118

Files

8ba9a378f58a0ef67e98c64c9eac6d33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

638849ccfc2427240062bb77ea04a89e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallWindowProcA

kernel32

GetProcAddress
LoadLibraryA

msvbvm60

__vbaCopyBytes
ord669
ord593
ord595
ord598
DllFunctionCall
ord600
__vbaExceptHandler
ord711
ord607
ord608
ord717
ProcCallEngine
ord535
ord644
ord537
ord645
ord648
ord681
ord100
ord617

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ