blackshades | JaffaCakes118_3bd7458a801d40cf6c3945d462bb83e1 | Triage

Sharing

General

Target

JaffaCakes118_3bd7458a801d40cf6c3945d462bb83e1
Size

448KB
MD5

3bd7458a801d40cf6c3945d462bb83e1
SHA1

75b6a61e82a4759febd008b6245a49a4d7503a66
SHA256

59e56524d145bcf01af9b8290cea654bac28263969c902845ab4c9d54071670f
SHA512

1916476454fac63041396c5975994388ea8190570cd44ca5839815fcb332f1b485d27d98555c990472a508b88641c19a5fa61cd52158f92ab03966cfe80bbdfb
SSDEEP

6144:Aary7GJaw2T4Hb4I2HIEi+nPHawBnN/sRm+Vmj1d2tvkUTWFnHR1/ZN2Fs:Ry7GJaXTC4IsjkvK1gtvkUTWFnH//ZN1

Score

10^/10

blackshades

Malware Config

Signatures

Blackshades family
blackshades

Blackshades payload 1 IoCs

resource	yara_rule
sample	family_blackshades

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3bd7458a801d40cf6c3945d462bb83e1

Files

JaffaCakes118_3bd7458a801d40cf6c3945d462bb83e1
.exe windows:4 windows x86 arch:x86

d7bb01f12bf05bc215cc79d5f95b57f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord665
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord594
ord301
ord595
ord303
ord702
ord598
ord599
ord520
ord307
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord531
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ