darkcomet | b059b04942a14a27223f4bb9149d8eb0_JaffaCakes118 | Triage

Sharing

General

Target

b059b04942a14a27223f4bb9149d8eb0_JaffaCakes118
Size

2.8MB
MD5

b059b04942a14a27223f4bb9149d8eb0
SHA1

45ddf1c31abf3aeb85a4f691a4a6569fa4703707
SHA256

438d2ed17d7a6b8e0cb6267072fc2b8bf50c33d1507dc1849e9f1968f3acd287
SHA512

f8711e971d5fb24662ee09ef70451eead70e2e9b3291ce0dadfac0824fd8ea3778fd6cb8991bc25e49c2d057ea256489a5664a606db455eca366ec19b7e865dd
SSDEEP

49152:aELbVMTrOq4qQoJZdiyqcsxWjI9I/KTvUwhq5:a6b+f7QoPjIS/KTMwE

Score

10^/10

darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b059b04942a14a27223f4bb9149d8eb0_JaffaCakes118

Files

b059b04942a14a27223f4bb9149d8eb0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c47a00630963c8fc4ee3fe659ac48970

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
__vbaGet3
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
ord600
_CIsqrt
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaFileOpen
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaVarDup
__vbaStrToAnsi
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
_CIexp
__vbaFreeStr

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ