081430931639c2cc66825765f832de70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

081430931639c2cc66825765f832de70_JaffaCakes118
Size

3.1MB
MD5

081430931639c2cc66825765f832de70
SHA1

f7d05bd89fb10182d625ef6d1a017fa15ff29550
SHA256

242604fc046209fb97aaf7f66d5ec76f543e7df8ae48defe185b269e84d96896
SHA512

9576824862ff90f73ef38e535ff8be8fc7db37eb70bffd0bbd2f287350324c2bf0dfc852d2fcba59e7f57e1253eea6b64eede958900c27065d33861151cacd16
SSDEEP

98304:lN1BtOT5Rq5nKR1yzF4T2dlKsScIxdVaDOu:dO9M5nKR1yzGsScodAqu

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/BioZombie/Bot/BioBot.exe
unpack002/BioZombie/Client/BioZombie 1.5.exe
unpack003/z3r0xb0t Final Public Release [v2.0]/Crypter/Crypter.exe

Files

081430931639c2cc66825765f832de70_JaffaCakes118
.zip
BioZombie.zip
.zip
BioZombie v1.5.txt
BioZombie/Bot/BioBot.exe
.exe windows:4 windows x86 arch:x86

53db4181a237c1e486d49a0076647b89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord516
ord660
ord593
ord598
ord631
ord632
ord525
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord607
ord608
ord716
ProcCallEngine
ord535
ord537
ord645
ord570
ord648
ord573
ord576
ord578
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord580
ord581

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BioZombie/Client/BioZombie 1.5.exe
.exe windows:4 windows x86 arch:x86

7ae232834ab1b119e139f1e2295e7458

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaFpI2
ord617
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XR Host Booter 2.1.txt
z3r0xb0t_Final_Public_Release_[v2.0].rar
.rar
z3r0xb0t Final Public Release [v2.0]/Crypter/Crypter.exe
.exe windows:5 windows x86 arch:x86

404315287fcfea3c5756f3f4ee06ffe7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Olivier Leduc\Documents\Visual Studio 2008\Projects\Crypter\Release\Crypter.pdb

Imports

msvcp90

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

msvcr90

__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
??2@YAPAXI@Z
strncpy
_adjust_fdiv
__CxxFrameHandler3

kernel32

Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
z3r0xb0t Final Public Release [v2.0]/Crypter/Example.txt
z3r0xb0t Final Public Release [v2.0]/Crypter/crypted.txt
z3r0xb0t Final Public Release [v2.0]/Crypter/tocrypt.txt
z3r0xb0t Final Public Release [v2.0]/cipher.cpp
z3r0xb0t Final Public Release [v2.0]/config.h
z3r0xb0t Final Public Release [v2.0]/externs.h
z3r0xb0t Final Public Release [v2.0]/includes.h
z3r0xb0t Final Public Release [v2.0]/install.cpp
z3r0xb0t Final Public Release [v2.0]/irc.cpp
z3r0xb0t Final Public Release [v2.0]/lib/MSNMessengerAPI.tlb
z3r0xb0t Final Public Release [v2.0]/lib/MSNMessengerAPI.tlh
z3r0xb0t Final Public Release [v2.0]/lib/MSNMessengerAPI.tli
z3r0xb0t Final Public Release [v2.0]/msn.cpp
z3r0xb0t Final Public Release [v2.0]/shared.cpp
z3r0xb0t Final Public Release [v2.0]/shared.h
z3r0xb0t Final Public Release [v2.0]/udp.cpp
z3r0xb0t Final Public Release [v2.0]/usb.cpp
z3r0xb0t Final Public Release [v2.0]/z3r0xb0t.ncb
z3r0xb0t Final Public Release [v2.0]/z3r0xb0t.sln
z3r0xb0t Final Public Release [v2.0]/z3r0xb0t.suo
z3r0xb0t Final Public Release [v2.0]/z3r0xb0t.vcproj
.xml
z3r0xb0t Final Public Release [v2.0]/z3r0xb0t.vcproj.Client-01.Olivier Leduc.user
.xml
z3r0xb0t Final Public Release [v2.0]/z3r0xb0tcore.cpp
.vbs

Sharing

General

Malware Config

Signatures

Files

53db4181a237c1e486d49a0076647b89

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 124KB - Virtual size: 123KB

.data Size: - Virtual size: 4KB

.rsrc Size: 92KB - Virtual size: 88KB

7ae232834ab1b119e139f1e2295e7458

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 48KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 6KB

404315287fcfea3c5756f3f4ee06ffe7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp90

msvcr90

kernel32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 908B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 124KB - Virtual size: 123KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 92KB - Virtual size: 88KB

.text
Size: 48KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 908B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 1008B