20cdf6b8158dc211f75c957a6b645f44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20cdf6b8158dc211f75c957a6b645f44_JaffaCakes118
Size

76KB
MD5

20cdf6b8158dc211f75c957a6b645f44
SHA1

9ab8d5af3626ac1c84c93f80d14bc35eb56985d3
SHA256

98cd65cfc8c1614fa08be0a6c060d22afce7c6fccc448a44b9d89f93ab2c023b
SHA512

e6a3cf587eb8eb4de88d17f9c9d1de1b25a45179a689bc89c3defe07cd4e3eaeb7500f63ce6169ae869acdca0d1cd051f4f889d83390f62a54a86e9e9be00776
SSDEEP

1536:ZhLZzXcQhz4089NSxPUqPa/wRJIk5J60z7byKpvUHiaaK4BOKe:ZRZ7VKryxPUqy/Amm6MvtvUHJv4B9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20cdf6b8158dc211f75c957a6b645f44_JaffaCakes118

Files

20cdf6b8158dc211f75c957a6b645f44_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f60429c147f87d12bd1c106cd9b05d2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SelectObject
GetDeviceCaps
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateDIBSection
DeleteObject

user32

GetWindowRect
CreateWindowExA
FillRect
RegisterClassExA
MoveWindow
GetSysColor
DestroyWindow
SetWindowLongA
SystemParametersInfoA
UnregisterClassA
IsWindowVisible
ShowWindow
GetDC
DefWindowProcA
SetTimer
CallWindowProcA
KillTimer

kernel32

GetProcAddress
RtlMoveMemory
GetModuleHandleA
GetVersionExA
GetTickCount

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
Zombie_GetTypeInfo
EVENT_SINK2_Release
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
ord520
_CIsin
ord631
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaAryConstruct2
__vbaObjVar
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
Zombie_GetTypeInfoCount
__vbaStrR8
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord644
_CIlog
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaI4Var
__vbaAryLock
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f60429c147f87d12bd1c106cd9b05d2e

Headers

File Characteristics

Imports

gdi32

user32

kernel32

msvbvm60

Sections

.text Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 8KB