darkcomet | 5cd05cfbfa4b889adb882fb552202c31_JaffaCakes118 | Triage

Sharing

General

Target

5cd05cfbfa4b889adb882fb552202c31_JaffaCakes118
Size

713KB
MD5

5cd05cfbfa4b889adb882fb552202c31
SHA1

d41b7e574cc45aa11f56e8f1848849bb9bae94e1
SHA256

ef3ec0a37499aad0871963c495e635d06ea85746c702476a38a2bfae039f40b6
SHA512

7e3e4251d65118f91b71126da113a35656a8dac25e3075ac58e72a93864b11150d0e88564c640a86622afd6a3e7d4b93aa20cb367e94c8c61c8b5b9671203b95
SSDEEP

12288:iaAchpWsuVTv7ItY8XljyypHP7cOLBev0IhlULsmWZ++09ZcKDksfdeX:zAEENIq8XwyVPQclqq/+WnIsleX

Score

10^/10

darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5cd05cfbfa4b889adb882fb552202c31_JaffaCakes118

Files

5cd05cfbfa4b889adb882fb552202c31_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 34KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ