f6fe1e2505bc5988314251faa654b2d3_JaffaCakes118

General

Target

f6fe1e2505bc5988314251faa654b2d3_JaffaCakes118
Size

460KB
MD5

f6fe1e2505bc5988314251faa654b2d3
SHA1

6a377dde38bf6c27efba5ef1be2ea558e4432e1c
SHA256

55846a8953061c98e1e6faabb0b6e2a857122bc5f5c4c3cdcbe84899b368d7c3
SHA512

fa1d929985e9da2c0fb051ae52dce18491484146d4902ab0fd1c58ebfba9b864309e0a8d398658e08790c4a5feb2aa285c0d799a5da67cc1effed39472cf7793
SSDEEP

6144:0niF2fxQMIq1/QjqG9ggsP2BfWprjP5OHbXjBPqTDV96HLbz7:0iF2xtQj36P2wpHRO7XlPqTDVez7

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6fe1e2505bc5988314251faa654b2d3_JaffaCakes118

Files

f6fe1e2505bc5988314251faa654b2d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3af78276cd026cf14fe44a9b76f79ea3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaAryMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaPutOwner3
__vbaR4Str
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaInputFile
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
__vbaVar2Vec
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
__vbaPutFxStr4
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3af78276cd026cf14fe44a9b76f79ea3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 100KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 352KB - Virtual size: 351KB

.text
Size: 100KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 352KB - Virtual size: 351KB