167a74eb6249efe792f0ba1cdbe70af6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

167a74eb6249efe792f0ba1cdbe70af6_JaffaCakes118
Size

9.1MB
MD5

167a74eb6249efe792f0ba1cdbe70af6
SHA1

855404ec06d499b5c7b6ce196433f004d75d6a10
SHA256

61fb4d7b16e025a7ad5198d867e6be737eacf53f288c4bd8280ebf48277ccc56
SHA512

4188fe561579eba217301b4fcf0e242ebb79faacc05878a3903c0e307fad6a83d353af9e9c4c8524e684acd848f49045a900a9148723f753793d1265ce341d22
SSDEEP

196608:MigFsbcOYhuUUHTYDZKjbyibHt74ktPkb6ijwJAH6pXZI:MigFsvY/9462d9kb7jnZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
167a74eb6249efe792f0ba1cdbe70af6_JaffaCakes118

Files

167a74eb6249efe792f0ba1cdbe70af6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6fbb5f1d2e091f4dbf8a359c29384912

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString

gdiplus

GdipCreatePen1
GdipCreatePen2
GdipDrawImageRectI
GdipDeleteGraphics
GdipNewPrivateFontCollection
GdipCreatePath
GdipSetSmoothingMode
GdipCloneImage
GdipSetImageAttributesColorKeys
GdipDrawImage
GdipSetPixelOffsetMode
GdipDeletePath
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipCreateSolidFill
GdipDrawRectangleI
GdipDeleteFontFamily
GdipDrawPath
GdipRotateWorldTransform
GdipCreateStringFormat
GdipGetPathWorldBounds
GdipCreateLineBrushFromRect
GdipDisposeImage
GdipImageRotateFlip
GdipCreateTexture
GdipDrawLine
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipCreateBitmapFromFile
GdipSetInterpolationMode
GdiplusStartup
GdipCreateFont
GdipCreateBitmapFromHBITMAP
GdipDeletePrivateFontCollection
GdipDeleteFont
GdipTranslateWorldTransform
GdipAddPathString
GdipResetWorldTransform
GdipGetImageEncoders
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipMeasureString
GdipFillRectangle
GdipSaveImageToFile
GdipDeletePen
GdipCreateHBITMAPFromBitmap
GdipAddPathLineI
GdipFillRectangleI
GdipCreateFromHDC
GdipCreateBitmapFromHICON
GdipGetImageGraphicsContext
GdipGetImageDimension
GdipDeleteBrush
GdipDrawImageRect
GdipDisposeImageAttributes
GdipSetTextRenderingHint
GdipAddPathArcI
GdipGetImageEncodersSize
GdipFillPath
GdipDrawString
GdipPrivateAddFontFile
GdipCreateImageAttributes

msvbvm50

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFpCDblR4
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaPut3
__vbaVarIdiv
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaPut4
__vbaFpCDblR8
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord622
ord516
__vbaGetFxStr4
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaI4Sgn
__vbaI2Abs
__vbaResume
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaError
__vbaBoolErrVar
__vbaCyInt
ord553
ord660
__vbaLsetFixstr
ord661
__vbaSetSystemError
__vbaRecDestruct
ord662
__vbaHresultCheckObj
__vbaLenVar
ord558
_adj_fdiv_m32
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarCmpGe
__vbaLateMemSt
ord669
ord592
__vbaBoolStr
__vbaExitProc
__vbaStrBool
ord593
ord594
__vbaI4Abs
__vbaCyAdd
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord599
__vbaBoolVar
ord520
__vbaStrFixstr
__vbaForEachCollVar
__vbaVargVar
ord523
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
__vbaLateMemStAd
__vbaVarCmpGt
__vbaVargVarMove
ord525
ord632
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaVarAbs
ord528
__vbaGet3
__vbaCyI2
__vbaStrCmp
ord529
__vbaGet4
__vbaVarTstEq
__vbaCyI4
__vbaDateR8
__vbaR4Str
__vbaPrintObj
__vbaObjVar
__vbaI2I4
ord561
__vbaNextEachCollVar
DllFunctionCall
ord563
__vbaVarOr
__vbaFpUI1
__vbaCySub
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
__vbaAryConstruct
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaStrR8
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaLateIdCallSt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaStr2Vec
__vbaFpCmpCy
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord314
ord606
__vbaR4ErrVar
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord315
__vbaLateIdStAd
__vbaVarDiv
ord607
ord316
ord530
ord608
__vbaVarCmpLe
ord531
__vbaFPException
ord532
__vbaInStrVar
ord319
ord533
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
__vbaGetOwner4
__vbaDateVar
ord535
__vbaLsetFixstrFree
__vbaI2Var
ord536
__vbaStopExe
ord537
ord644
ord538
ord645
_CIlog
ord646
__vbaErrorOverflow
ord647
__vbaFileOpen
__vbaVar2Vec
ord570
__vbaR8Str
__vbaNew2
__vbaInStr
ord648
ord571
__vbaVarInt
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
ord610
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
ord611
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord612
ord321
__vbaVerifyVarObj
ord613
__vbaFpI2
__vbaVarMod
__vbaVarCopy
__vbaFpI4
ord616
__vbaVarTstGe
__vbaR8IntI2
ord617
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
__vbaCastObj
__vbaStrMove
ord618
__vbaI4Cy
ord619
__vbaStrVarCopy
__vbaR8IntI4
ord542
ord650
ord543
_allmul
__vbaLenVarB
__vbaLateIdSt
__vbaFpCSngR4
ord544
ord545
_CItan
__vbaAryUnlock
__vbaUI1Var
ord547
__vbaFPInt
__vbaFpCSngR8
_CIexp
__vbaStrCy
__vbaMidStmtBstr
ord580
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fbb5f1d2e091f4dbf8a359c29384912

Headers

File Characteristics

Imports

ole32

gdiplus

msvbvm50

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.data Size: 512B - Virtual size: 195KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 418KB - Virtual size: 417KB

.text
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 512B - Virtual size: 195KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 418KB - Virtual size: 417KB