General

Malware Config

Signatures

Files

• 8c403b493985a5259b70945ba508c45e_JaffaCakes118

  .zip
• TDS Challan.exe

  .exe windows:4 windows x86 arch:x86

  ba7c058fb87d44e785b640c85f512af7

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvbvm60

  __vbaVarSub

  __vbaVarTstGt

  ord690

  __vbaStrI2

  _CIcos

  _adj_fptan

  __vbaHresultCheck

  __vbaStrI4

  __vbaVarMove

  __vbaVarVargNofree

  __vbaFreeVar

  __vbaAryMove

  __vbaStrVarMove

  __vbaLenBstr

  __vbaLateIdCall

  ord696

  __vbaFreeVarList

  __vbaPut3

  __vbaEnd

  _adj_fdiv_m64

  ord698

  __vbaNextEachVar

  __vbaFreeObjList

  ord516

  __vbaVarIndexLoadRef

  __vbaStrErrVarCopy

  _adj_fprem1

  __vbaRecAnsiToUni

  ord518

  ord519

  ord626

  __vbaVarCmpNe

  __vbaForEachCollAd

  __vbaStrCat

  __vbaLsetFixstr

  __vbaSetSystemError

  __vbaLenBstrB

  __vbaHresultCheckObj

  __vbaLenVar

  _adj_fdiv_m32

  __vbaAryVar

  ord667

  __vbaAryDestruct

  ord591

  __vbaVarIndexLoadRefLock

  ord593

  __vbaVarForInit

  ord594

  __vbaStrLike

  __vbaObjSet

  ord595

  __vbaOnError

  ord596

  _adj_fdiv_m16i

  __vbaObjSetAddref

  _adj_fdivr_m16i

  __vbaVarIndexLoad

  ord598

  __vbaStrFixstr

  __vbaForEachCollVar

  ord520

  __vbaRefVarAry

  __vbaBoolVarNull

  __vbaFpR8

  _CIsin

  __vbaErase

  ord631

  __vbaVargVarMove

  ord525

  __vbaVarCmpGt

  ord632

  __vbaChkstk

  __vbaCyVar

  __vbaFileClose

  ord526

  EVENT_SINK_AddRef

  ord528

  __vbaGenerateBoundsError

  __vbaStrCmp

  ord529

  __vbaGet3

  __vbaAryConstruct2

  __vbaVarTstEq

  __vbaPutOwner4

  __vbaI2I4

  __vbaObjVar

  __vbaNextEachCollVar

  ord561

  DllFunctionCall

  ord563

  ord670

  __vbaVarLateMemSt

  __vbaVarOr

  ord564

  __vbaCastObjVar

  __vbaLbound

  _adj_fpatan

  __vbaR4Var

  __vbaFixstrConstruct

  __vbaLateIdCallLd

  __vbaR8Cy

  __vbaRedim

  __vbaStrR8

  __vbaRecUniToAnsi

  EVENT_SINK_Release

  __vbaNew

  ord600

  ord601

  __vbaUI1I2

  _CIsqrt

  __vbaObjIs

  __vbaVarAnd

  __vbaLateIdCallSt

  EVENT_SINK_QueryInterface

  __vbaStr2Vec

  __vbaUI1I4

  __vbaExceptHandler

  ord711

  ord712

  __vbaStrToUnicode

  __vbaPrintFile

  ord713

  _adj_fprem

  _adj_fdivr_m64

  ord714

  ord607

  __vbaI2Str

  ord608

  ord716

  __vbaFPException

  __vbaInStrVar

  ord717

  __vbaStrVarVal

  __vbaUbound

  __vbaVarCat

  __vbaI2Var

  ord644

  ord537

  ord645

  _CIlog

  __vbaErrorOverflow

  __vbaFileOpen

  __vbaInStr

  ord648

  __vbaR8Str

  __vbaVar2Vec

  ord570

  __vbaVarLateMemCallLdRf

  __vbaNew2

  _adj_fdiv_m32i

  _adj_fdivr_m32i

  __vbaVarSetObj

  ord573

  __vbaStrCopy

  __vbaI4Str

  ord681

  __vbaVarCmpLt

  __vbaFreeStrList

  ord576

  _adj_fdivr_m32

  __vbaPowerR8

  _adj_fdiv_r

  ord685

  ord100

  __vbaVarTstNe

  __vbaVarSetVar

  __vbaI4Var

  __vbaVarCmpEq

  ord689

  __vbaFpCy

  __vbaVarAdd

  __vbaAryLock

  __vbaStrComp

  __vbaStrToAnsi

  __vbaVarDup

  ord616

  __vbaFpI4

  __vbaVarLateMemCallLd

  ord617

  __vbaLateMemCallLd

  _CIatan

  __vbaCastObj

  ord618

  __vbaStrMove

  __vbaAryCopy

  __vbaForEachVar

  ord619

  __vbaStrVarCopy

  __vbaR8IntI4

  _allmul

  __vbaLateIdSt

  _CItan

  __vbaNextEachCollAd

  __vbaUI1Var

  __vbaAryUnlock

  __vbaVarForNext

  _CIexp

  __vbaFreeStr

  __vbaFreeObj

  ord581

  Sections

  .text

  Size: 460KB - Virtual size: 457KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 272KB - Virtual size: 269KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ