de3fbee4a85f336cccee152e986bb7f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de3fbee4a85f336cccee152e986bb7f9_JaffaCakes118
Size

184KB
MD5

de3fbee4a85f336cccee152e986bb7f9
SHA1

796b7ac8f7dbe156be1e9ca64f4365c48e3bec7a
SHA256

768eedbad49c66e5275f9d7cc6d3b6844a21c88f60fc795bd79f384dbb24ca91
SHA512

1d3a7bb95ad67f0ac063948624566caf1805f390fc938e1a0aecbcfb32b5f340810099cb7c18d6c47180c5200ae73ff9853921899d042a660b40e04e740bdb99
SSDEEP

768:v5El6AIsFueP6LyqKx8gnHSqJKsb/3BIvoQgE:vCIsoryqK8gmsT3BIvoQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de3fbee4a85f336cccee152e986bb7f9_JaffaCakes118

Files

de3fbee4a85f336cccee152e986bb7f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5755f2b91f3a694c35556804770bf67d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallWindowProcW

msvbvm60

ord582
ord583
ord584
ord696
ord516
ord628
ord660
ord593
ord520
ord632
DllFunctionCall
ord601
__vbaExceptHandler
ord606
ord608
ord716
ProcCallEngine
ord644
ord572
ord573
ord575
ord100
ord616
ord617
ord546
ord581

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ