Static task: static1
Behavioral task: behavioral1
Sample: 26dcfedd7c59a7c83350affab8623932_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 26dcfedd7c59a7c83350affab8623932_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 26dcfedd7c59a7c83350affab8623932_JaffaCakes118
Size: 180KB
MD5: 26dcfedd7c59a7c83350affab8623932
SHA1: b0574e56cf76ea0ded85b0fc91ae2067c06581ba
SHA256: b85e54d4f1dbc8adf62eb4b13e374b51273a4faf2449ccde779730380ac0a776
SHA512: 9d85da66b9fdb85df1c278317542bab58109dc60c04b83c7554705479d9deb7377ec28b414f85901e96cb52af71c41d6a31375fe4f3b1c54d9b1729fe120edbe
SSDEEP: 1536:mA0zzktukw3XMUG2cFksJY6LQBkRr7lvoqzvccJ5JkI:rHxzS6LQyte+dJkI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26dcfedd7c59a7c83350affab8623932_JaffaCakes118
Files
26dcfedd7c59a7c83350affab8623932_JaffaCakes118.exe windows:4 windows x86 arch:x86
e5ffbd4698bed48eb35c2e2aa2dc027f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetMessagePos
kernel32
GetVersion
gdi32
GdiFlush
msvbvm60
ord583
ord187
ord588
MethCallEngine
ord516
ord517
ord518
ord519
ord595
ord520
ord522
ord709
ord632
EVENT_SINK_AddRef
ord527
ord528
DllFunctionCall
ord670
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord717
ProcCallEngine
ord535
ord537
ord644
ord645
ord539
ord681
ord578
ord100
ord579
ord613
ord616
ord617
ord618
ord619
Sections
.text Size: 156KB - Virtual size: 153KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ