Static task
static1
Behavioral task
behavioral1
Sample
d6d825f2f2c75876fde0a34908862e02_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target
d6d825f2f2c75876fde0a34908862e02_JaffaCakes118
Size
1.1MB
MD5
d6d825f2f2c75876fde0a34908862e02
SHA1
5099063852d11c5db95e9ef46c756cdce33b180f
SHA256
6f669947ca45a6020ca7405d33f20f4fbff77c6c772147481b81f298edc6a5f1
SHA512
5f512c9f2f88fee3e4d7030f6df295d76e7982fd38e617c8cb132bd01a48b8daccdd719c30e074a7ee3cad3314412d88db8010f4aa282156d48e37d3c0f179d2
SSDEEP
24576:WNr+giHWlMUKfb3QUi1Cqn21DEEZ6yh0E07WnZ12Y7d+:Wh+gi4Mr8UXsQQEJCs98
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d6d825f2f2c75876fde0a34908862e02_JaffaCakes118
Files
d6d825f2f2c75876fde0a34908862e02_JaffaCakes118.exe windows:4 windows x86 arch:x86
901b1c98eb828c0cac0a1be5ba7a5c8d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord588
ord696
ord697
MethCallEngine
ord517
ord519
__vbaCopyBytes
ord553
ord660
ord667
ord706
ord631
ord525
EVENT_SINK_AddRef
ord528
ord561
DllFunctionCall
ord675
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord530
ord609
ord717
ord533
ProcCallEngine
VarPtr
ord539
ord570
ord648
ord575
ord100
ord610
ord613
ord617
ord618
ord619
ord542
ord545
ord548
ord549
Sections
.text Size: 144KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1016KB - Virtual size: 1012KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ