darkcomet | 8de865647d2cdfff8f15a2f66da4cf96_JaffaCakes118 | Triage

Sharing

General

Target

8de865647d2cdfff8f15a2f66da4cf96_JaffaCakes118
Size

1.5MB
MD5

8de865647d2cdfff8f15a2f66da4cf96
SHA1

379b9c86d30691d683353a039352bb763e160f49
SHA256

ce3b8c803e3f620ab6a4fe0448b87102e4578713b1355e0359f8e6243caeff66
SHA512

4f1f3d097f521d8cc3f94c6c38a6d7ad8eda53be804407a106da404961a8a14a35b1b0bf204e8f052bd72fe7397483fa94b69b80b7bac61f0965ad23b5c52af2
SSDEEP

24576:mgdX4AEE3uBDhynCylQgi63O9+VuNY3WSxLNO3KCxZyNfF3tvYTJ:h4AE3JX63OMha66qD6

Score

10^/10

darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8de865647d2cdfff8f15a2f66da4cf96_JaffaCakes118

Files

8de865647d2cdfff8f15a2f66da4cf96_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.textbss
Size: - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TLS
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ