878ba0f5047f5e2593c391c609643887_JaffaCakes118 | Triage

Sharing

General

Target

878ba0f5047f5e2593c391c609643887_JaffaCakes118
Size

56KB
MD5

878ba0f5047f5e2593c391c609643887
SHA1

e9d568e2627c9fa824b07be096fe423465d81825
SHA256

a7ea68f94c673c8d44b46cce37164eb1a20e2b9d8d03a0f114d1c48d6c05344b
SHA512

643d4b419f7a8447e212297c302ebd28b483973d208da824c063c2f6fec4f3f38c69b249f7bf9ce3bcba56352717d90fa45da8d503a4a84337e0b066bd0ee52a
SSDEEP

768:7/ifT+tLYkV8cyQIrLJ6dDDuKEnWI1G132NRnu:zZV8iIr0dDDuKEU8u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

878ba0f5047f5e2593c391c609643887_JaffaCakes118

Files

878ba0f5047f5e2593c391c609643887_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18959aae0b3d95360d9b792a1401d55a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord586
ord660
ord557
ord666
ord594
ord596
ord703
ord525
EVENT_SINK_AddRef
ord527
ord568
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord717
ProcCallEngine
ord648
ord575
ord100
ord613
ord547
ord580

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ