blackshades | JaffaCakes118_44c92646652f168b572ca558c64cbe18 | Triage

Sharing

General

Target

JaffaCakes118_44c92646652f168b572ca558c64cbe18
Size

168KB
MD5

44c92646652f168b572ca558c64cbe18
SHA1

5691143f93535edfd63b3ce9e6c5a9e01f6ba859
SHA256

4a198ba14bc25b19e72904912b77e409a75983c052641982e9018f59b4cd1a5c
SHA512

935766144fefdddb56d68cd0fec958a0c3a3f24a7867ba0f397330dd9db13b671ce64f6300537f9cc271e8809b8e5b294f6adf79d3b9f692d166f8aafd9d0ca6
SSDEEP

3072:QA3APuqyV0S2lwVqgDEIKToCSA3HwhQ79AdJAS/51dW5btz7x/VEAiSY6I64GZ6:nPqA0S2li1Lj4fFS/51dW5jduZ6I63Z6

Score

10^/10

blackshades

Malware Config

Signatures

Blackshades family
blackshades

Blackshades payload 1 IoCs

resource	yara_rule
static1/unpack001/whatsapp.exe	family_blackshades

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/whatsapp.exe

Files

JaffaCakes118_44c92646652f168b572ca558c64cbe18
.rar
whatsapp.exe
.exe windows:4 windows x86 arch:x86

2f6a6a37a2da00392a1f4c8deb3bc7be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord665
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord300
ord594
ord301
ord595
ord303
ord702
ord598
ord599
ord306
ord520
ord307
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord531
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ