JaffaCakes118_849eb4c914b9130f0a69a1609550a564 | Triage

Sharing

General

Target

JaffaCakes118_849eb4c914b9130f0a69a1609550a564
Size

74KB
MD5

849eb4c914b9130f0a69a1609550a564
SHA1

813f782bffce0e5f6d9319be5a660b3199fe2135
SHA256

29cf7d4a7fc61a36c2c987c64ef3324032ad654405b2c40bc9bcc53c19996e1b
SHA512

b5ccbf895f380330e73341c3a00ed405e13b47ee3273a4658a437db8b68c44f37b966f4ae5d0264b9dcdaea097ad178aad1a4ac7984da149e7beee7934666295
SSDEEP

1536:aaafTQjzpClvBedwjVbTPkbCdj8m4VjoA61a2ZmO36ZoYcbSt4MN:KfkjzJ2hcOojoYMmOgohbStL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/payment-wire transfer- (BT67798213454323235).exe

Files

JaffaCakes118_849eb4c914b9130f0a69a1609550a564
.eml
email-html-1.txt
payment-wire transfer- (BT67798213454323235).lzh
.lzh
payment-wire transfer- (BT67798213454323235).exe
.exe windows:4 windows x86 arch:x86

1aba8d044d8f6dcb721b92e7112420a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord515
ord666
ord703
ord598
ord704
ord522
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
ord679
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord717
ord100
ord613

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ