88b500aed34c88c0cef375de279aa2c2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

88b500aed34c88c0cef375de279aa2c2_JaffaCakes118
Size

113KB
MD5

88b500aed34c88c0cef375de279aa2c2
SHA1

bfedc562d7b27c36737a37b10e9a0c3840e7ce4f
SHA256

24bc4840a7c6a4a9c12c5a47a003154825bfbb3f8361ecd5b392c41ea6d29793
SHA512

d6280aeb0f8b5e76933c589e140d76383c458d2f806502ffb0d82d62d1617aad7735d5c4ab8007eeba189d619378f5402755eeb32b52f1607920b90ffacb5ac2
SSDEEP

3072:/tcBB0S6YZUAf9VN7/JtBWjoN1Nf1Sb/DbhRzgPY:M6YeU9P/JtHPfSb/DTKY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SpazBot 2.12 - June 2007/pstord.exe

Files

88b500aed34c88c0cef375de279aa2c2_JaffaCakes118
.zip

Password: infected
SpazBot 2.12 - June 2007/Compressed/..pass
SpazBot 2.12 - June 2007/Compressed/index.log
SpazBot 2.12 - June 2007/PackFiles.sh
.sh linux
SpazBot 2.12 - June 2007/README.txt
SpazBot 2.12 - June 2007/SpazBot.vbp
SpazBot 2.12 - June 2007/clsCPUID.cls
.vbs
SpazBot 2.12 - June 2007/clsExitWindows.cls
SpazBot 2.12 - June 2007/clsSocketPlus.cls
.vbs
SpazBot 2.12 - June 2007/clsStringBuilder.cls
.vbs
SpazBot 2.12 - June 2007/ctlDownload.ctl
.vbs
SpazBot 2.12 - June 2007/ctlSocks4.ctl
.vbs
SpazBot 2.12 - June 2007/exclude modules.txt
SpazBot 2.12 - June 2007/frmMain.frm
.vbs
SpazBot 2.12 - June 2007/hosts.txt
SpazBot 2.12 - June 2007/kill lists.enc
SpazBot 2.12 - June 2007/modAccessibility.bas
SpazBot 2.12 - June 2007/modCPUSpeed.bas
.vbs
SpazBot 2.12 - June 2007/modCRC32.bas
.vbs
SpazBot 2.12 - June 2007/modCommands.bas
.vbs
SpazBot 2.12 - June 2007/modDNS.bas
.vbs
SpazBot 2.12 - June 2007/modDOSOutput.bas
.vbs
SpazBot 2.12 - June 2007/modData.bas
.vbs
SpazBot 2.12 - June 2007/modDoS.bas
.vbs
SpazBot 2.12 - June 2007/modEncrypt.bas
.vbs
SpazBot 2.12 - June 2007/modFileSearch.bas
.vbs
SpazBot 2.12 - June 2007/modHomepage.bas
.vbs
SpazBot 2.12 - June 2007/modKillProc.bas
.vbs
SpazBot 2.12 - June 2007/modKillStuff.bas
.vbs
SpazBot 2.12 - June 2007/modMD5.bas
.vbs
SpazBot 2.12 - June 2007/modMain.bas
.vbs
SpazBot 2.12 - June 2007/modMutex.bas
.vbs
SpazBot 2.12 - June 2007/modPatchTCPIP.bas
.vbs
SpazBot 2.12 - June 2007/modRegistry.bas
.vbs
SpazBot 2.12 - June 2007/modSettings.bas
.vbs
SpazBot 2.12 - June 2007/modShellExec.bas
SpazBot 2.12 - June 2007/modSocketPlus.bas
.vbs
SpazBot 2.12 - June 2007/modSpreadAIM.bas
.vbs
SpazBot 2.12 - June 2007/modSpreadMSN.bas
.vbs
SpazBot 2.12 - June 2007/modStartup.bas
.vbs
SpazBot 2.12 - June 2007/modSysInfo.bas
.vbs
SpazBot 2.12 - June 2007/pstord.enc
SpazBot 2.12 - June 2007/pstord.exe
.exe windows:4 windows x86 arch:x86

6f257f08d11ac7952f787315e08173ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
SetFilePointer
CreateFileA
lstrcpynA
lstrcmpA
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
LocalFree

user32

wsprintfA
IsCharAlphaNumericA

oleaut32

GetErrorInfo

msvcrt

exit
_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
strlen
__p__commode
strstr
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
_exit
_XcptFilter
memset
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SpazBot 2.12 - June 2007/resources.RES
SpazBot 2.12 - June 2007/resources.rc

Sharing

General

Malware Config

Signatures

Files

Password: infected

6f257f08d11ac7952f787315e08173ab

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

msvcrt

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 15KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 15KB