Static task
static1
Behavioral task
behavioral1
Sample
d05945d02683e526c54ec4ed35477ecd_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target
d05945d02683e526c54ec4ed35477ecd_JaffaCakes118
Size
364KB
MD5
d05945d02683e526c54ec4ed35477ecd
SHA1
aeab1cfe6c8613d4b5d4fdaba68d87367c76c141
SHA256
fc6c7748a67df3158b6bd2ac93092a7e7cfd45248d121e4cd30d13045f570bd2
SHA512
2ceda466a0c4c8579485499ec988eabd1fddf3d8c607480cedc1c40e000e9f3823e5d06db7b8f6db25111aa3d486e3886de911f92ab584d51576220870afe5cc
SSDEEP
6144:eG5kKZ9Qr4UJsZuHxlL6dcOix+HCEY7kN4Qsa7v7N7Ijc:kr4YZxFHlxsntN4LaH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d05945d02683e526c54ec4ed35477ecd_JaffaCakes118
Files
d05945d02683e526c54ec4ed35477ecd_JaffaCakes118.exe windows:4 windows x86 arch:x86
6ce14a9831b308b020de1eb43dee769a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CallWindowProcA
kernel32
GetProcAddress
CopyFileA
LoadLibraryA
msvbvm60
ord626
__vbaCopyBytes
ord669
ord593
ord595
ord598
ord525
ord527
ord529
DllFunctionCall
ord600
__vbaExceptHandler
ord711
ord606
ord607
ord608
ord716
ord717
ProcCallEngine
ord535
ord644
ord537
ord645
ord570
ord648
ord681
ord100
ord616
ord617
ord580
Sections
.text Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 308KB - Virtual size: 307KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ