42792fe55c7653d1a9413c3a60a9f7bd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42792fe55c7653d1a9413c3a60a9f7bd_JaffaCakes118
Size

1.0MB
MD5

42792fe55c7653d1a9413c3a60a9f7bd
SHA1

1282b37b865d055b856dc9eb31e5199ad35c9a49
SHA256

d1dc1cb65ac3a6ec51074f86dba831ec24c014e9fa3171b761efdbd7a9d2a42b
SHA512

54ab5708aa2bc663a3a8313b2273ca0880e77a160f954f46f76887640c42cbfdbe720f23e43fad7c366bc80514c33652a791cfa84a4b529bbea89955b31389b8
SSDEEP

24576:iAdbn4bgvKxhjVCwbhYxT06IfFI3ru4nilNjGj8mRFMZ:5uMy2ihYB06IfFsrufyhq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/XMRbuilder.exe

Files

42792fe55c7653d1a9413c3a60a9f7bd_JaffaCakes118
.zip

Password: infected
XMRbuilder.exe
.exe windows:4 windows x86 arch:x86

880b392025ef476d84f48d330acf28dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
ord694
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ