darkcomet | JaffaCakes118_6eb43ace2dafe0f7d2e51fc92fd83de4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_6eb43ace2dafe0f7d2e51fc92fd83de4
Size

658KB
MD5

6eb43ace2dafe0f7d2e51fc92fd83de4
SHA1

4622ddb6747fee1be35013f2a717383de4d61283
SHA256

fde0d753f0f3880c26da160b8903b0c624be241d5bfaebdb088882c03fd8a09f
SHA512

ce1ae15768a3ac15fb92771bd7e6d15cd3267acf24b468a9871ed11d2f082c9af64565ce5829431d1097cf45bc4f788d5079f0ee10f112a0db5f7e7e58c7c619
SSDEEP

12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5D:eZ1xuVVjfFoynPaVBUR8f+kN10EK

Score

10^/10

darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6eb43ace2dafe0f7d2e51fc92fd83de4

Files

JaffaCakes118_6eb43ace2dafe0f7d2e51fc92fd83de4
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ