Static task
static1
Behavioral task
behavioral1
Sample
d088ce4ec1315eacc2d72b2e6f3a3147_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
d088ce4ec1315eacc2d72b2e6f3a3147_JaffaCakes118
Size
856KB
MD5
d088ce4ec1315eacc2d72b2e6f3a3147
SHA1
5abdbe243f9297136177c6bc989964f552ca6df3
SHA256
6b8aa97b24b133f7845e5513f0e095365195e26c8585ac6deebffc789c1345df
SHA512
defca0bbb188a31b62d633371dd6ca63a18f17ef1165de7025bbbe17f96c8c34edefba39a867fc54e8c8c42b57e13ba234e7eae2751fbf9d4b98fd7c03554883
SSDEEP
24576:wk5T7qOWVEcES35m78xjfQnMJ9tu9CCrwDtC:wO9SA78GnmuC5U
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d088ce4ec1315eacc2d72b2e6f3a3147_JaffaCakes118
Files
d088ce4ec1315eacc2d72b2e6f3a3147_JaffaCakes118.exe windows:4 windows x86 arch:x86
cebec99455df8a7950134c0a94ee54f9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CallWindowProcA
kernel32
GetProcAddress
CopyFileA
LoadLibraryA
msvbvm60
ord516
ord626
__vbaCopyBytes
ord669
ord593
ord595
ord598
ord631
ord632
ord525
ord527
ord529
DllFunctionCall
ord600
__vbaExceptHandler
ord711
ord606
ord607
ord608
ord716
ord717
ProcCallEngine
ord535
ord537
ord644
ord645
ord570
ord648
ord681
ord100
ord616
ord617
ord580
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 780KB - Virtual size: 779KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ