darkcomet | 9fd5211016070adee4e00deef89d14a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9fd5211016070adee4e00deef89d14a3_JaffaCakes118
Size

3.6MB
MD5

9fd5211016070adee4e00deef89d14a3
SHA1

71e621010460eae7b09dc42a95913540ae32f5c6
SHA256

795a40a4d3e4b673c1220fdabd5e4d3a7f2cae2de43e7b9240feaeb820dd5c5a
SHA512

02fb87f34243c6f37bf8f39a95a083db565c6dfdf1ad975a619b3da5c8c776f23f4193d3d9b2cb3ec622d3d61c899ece55256f5151d58cc996471831129fbb22
SSDEEP

98304:zaoCYqNl8zkXyPterEf7520KrjYCsY0geuubXj73C:zao63ElN2jYmeDP3

Score

10^/10

darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fd5211016070adee4e00deef89d14a3_JaffaCakes118

Files

9fd5211016070adee4e00deef89d14a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Za plamena\Visual Basic Source Codes!\Binders\Binder Example\Binder Example Stub\Binder Example Stub\obj\Debug\Stb.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ