20e30aa8032265af07c8fd69fdd69377_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20e30aa8032265af07c8fd69fdd69377_JaffaCakes118
Size

2.2MB
MD5

20e30aa8032265af07c8fd69fdd69377
SHA1

80ac493abdbe7691d518e55598c11550a5624899
SHA256

fcb5999f26bc7f4008236d610fcf8e0864a2b65825c5760b8c02c89bebef29a4
SHA512

aee3188635e533e37e63ed2f59265e89fe164526be2fced6707501598eaadc27a4ce8f93230ed09d6df4527d01cd13a3368be2278ad43f82f1a4b65b4dec2ea6
SSDEEP

49152:FqE5/6HUdv83zs1maotVkKiorh26HLOxA9px9za+tRQezdFZPNdhgKR:Fqo/6HWvwwMVhior5OxwmcQezdFxrhg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20e30aa8032265af07c8fd69fdd69377_JaffaCakes118

Files

20e30aa8032265af07c8fd69fdd69377_JaffaCakes118
.exe windows:5 windows x86 arch:x86

128809360b796bd3b00cf6a01e181081

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaLineInputStr
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaVarIndexStore
__vbaRaiseEvent
ord621
__vbaNextEachVar
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
ord519
__vbaI2Abs
__vbaResume
__vbaStrCat
__vbaVarCmpNe
__vbaError
ord660
ord553
__vbaBoolErrVar
__vbaLsetFixstr
ord661
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
ord662
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarXor
__vbaAryDestruct
__vbaVarCmpGe
__vbaLateMemSt
ord591
__vbaStrBool
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
ord593
ord300
ord594
ord301
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaForEachCollVar
__vbaBoolVar
ord520
__vbaStrFixstr
ord307
__vbaFPFix
ord309
__vbaRefVarAry
__vbaBoolVarNull
__vbaVarTstLt
__vbaFpR8
_CIsin
__vbaErase
ord631
ord709
__vbaVargVarMove
__vbaNextEachCollObj
__vbaVarCmpGt
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaVarAbs
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner4
__vbaNextEachCollVar
__vbaI2I4
ord561
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
ord568
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaInputFile
ord712
__vbaPrintFile
__vbaStrToUnicode
ord713
ord606
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaI2Str
ord607
ord608
__vbaVarCmpLe
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaI2Var
__vbaLsetFixstrFree
ord537
ord644
ord645
ord538
_CIlog
__vbaErrorOverflow
ord539
__vbaFileOpen
__vbaInStr
ord570
ord648
__vbaVar2Vec
__vbaVarLateMemCallLdRf
__vbaNew2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord573
__vbaI4Str
ord681
__vbaFreeStrList
__vbaVarNot
__vbaVarCmpLt
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
ord689
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVerifyVarObj
__vbaFpI2
__vbaVarTstGe
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
ord617
__vbaVarSetObjAddref
_CIatan
__vbaCastObj
__vbaStrMove
ord618
__vbaI2ErrVar
__vbaAryCopy
ord619
__vbaStrVarCopy
__vbaForEachVar
ord542
ord543
_allmul
__vbaVarLateMemCallSt
__vbaLateIdSt
ord544
ord545
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
ord547
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
ord580
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
ord581

kernel32

CloseHandle
CreateFileMappingA
GetFileSize
CreateFileW
DeviceIoControl
CreateFileA
GetLastError
SetPriorityClass
GetCurrentProcess
GetVersionExA
FreeLibrary
Sleep
LoadLibraryA
VirtualQuery
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpiA
lstrcmpA
lstrcatW
WriteProcessMemory
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualProtectEx
VirtualProtect
UnmapViewOfFile
TerminateProcess
SetThreadPriority
SetLastError
SetEvent
ResumeThread
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
MapViewOfFile
OpenMutexW
OpenMutexA
OpenFileMappingW
OpenFileMappingA
OpenEventW
OpenEventA
LoadLibraryExA
LoadLibraryW
IsBadWritePtr
IsBadReadPtr
GetVersionExW
GetTickCount
GetThreadContext
GetTempPathW
GetSystemDirectoryW
GetSystemDirectoryA
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedExchange
FormatMessageA
DuplicateHandle
DeleteFileW
CreateThread
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileMappingW
CreateEventW
CreateEventA
MultiByteToWideChar
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetProcAddress
GetModuleHandleA
TerminateThread
OpenProcess
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

advapi32

OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
SetSecurityDescriptorDacl
LookupPrivilegeValueA
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
GetKernelObjectSecurity
AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid

msimg32

TransparentBlt

user32

CloseDesktop
DispatchMessageA
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
TranslateMessage
GetKeyboardType
MessageBoxA
MessageBoxA

oleaut32

SysReAllocStringLen
SysFreeString

Exports

Exports

!l/z�ճ��_��\��7�J��,.4>M�� l*}�#��b��~�zV�=��Z�h�z��c�w��'/-`��p$%ރ7��s��[�~8�s�H�30� �� Z\p��T�Q��G�n��pS;<��em�_��e��G��z�*��[��q�d��D1�hTӃ��@��P5p#�v �~(lt?/�;��P�yj��H�z��WT�� 'm3?��^P]հ1X8��0bMHm�jΗD+Y�#�}��`@��n^I�@D��G=��f!�#��Ds�U;�� KJ��V&VBͣ%7��(a�oR�<}>�4$8�A\i��ѿZ�d��WB�W��m9��vlf�s>6��Ǵ��C�2r,.��+q�J|vY��tq�\jr��;Z�}��(U�Խ�ˬ�� [sh�b4�>��Ǒ��F�U|��޶��kr`��3FZ��M��4 �/� ��p %qecB~�%��g4��* �q�bX��C��0�#�Qi��iL�� Ԫ��nDBd��]��1��^�o�QH��A��#6�zl ��Ý�|��#��G*��#?�+-�3>M��,��Q{d ��} �o#�-�#ս�E絒�]��jē��/��ⱦAt�#x�2��s�5��P �;b�` :I�� 8�9��;�"A�wA��o��ˮ�mH�gFG#w�*��8�65�$�Ԡ��?����J��,��g��ܻ��? PXi��`;{M�K�/L�b�w�M&��遵��u��=(�U��e@sЋ'��}y�� j��ρ<�Lp+��ךv6{�{$��i�f�LP${��ܛG$��scX��MD�h�|��w�z��l�U{� -A��L ��a�)��oΠ>�w�%{�?��La�tR�:��W��ʶ�8r�+�N'��p��wӴ/��'[r�4�!%�G��p��ƒ�^��6��O �e��&*`!��Q��%��6�f��' �c:�?�m9��&w&҉��Ul��Ӽ��n��ΐh��ݢe��ƫ��e֖<[�>ٹ� '�g��|��`)��>kp�5��m ��_�� x��4-j�k�I�Q��y�L��5u4r XX/�{�ن�6},��kX��~�&t=Ev�f=��Ҝ�ǵ9��>ץXM��M��K�O��0`��-,��:ۭ� �'�vM�l��FU�Й�t�R�aS��gv:��G��O��<� ,O�yA�ҭS��z��֡�|�4gu��0RS]r��JX�է��j╤[c��2؁r|�?��H=v�zExr�;Ҟ��@�Z��(Lf��iYJ�os�`� ��zmd'�3�S��b`��P�(#v0)VC�=��O�Hĉ-%��iC��|O<��[8,2e�p��4+��ʯ�qȵ6��W�w�Ԗ��]!��:��U1�Y��RQA�i�o�d��*+橤�ӭ��vZ�`�2��k��Z�Ә��;j� ��r0�Ev��O��ႌDcA��8��H��1��x�4B�ͮ�]��j�S�(s)�S��B�g*^��ǟT�&�ǲ��r��>��W>2��%�cA�4~�� FS� �^U@B�]D�\X��K��n��*��aya !䩧ݝvQ��g�*�1�մQ&�'�� t��׈8��U﹝�x��1�u5t��`v2�*m6�\�� >�Α"L�(�ca�0��)�b�~�)�J�q�>sպ��\$NB�$�j��u|52�qP��V@B(d��5�' �kaLD($�I�h��q�qCg�D̑+��Vw�!��%�J�c��ն$}�3�*%)��?>an��L�<�j�~��d�c�B�Tz��"��lJ��8�@O'[M��l�OL�ߑm1��蛉��/7�tɠ�2��Ħ�F�h?��.��U`Xy��I)��04^]��9o��2ݪ�y�솴�vL]0"�S!3u�9s�M�j".��e.��9M��M\B�|�=�ؼ�I�4�@T>\�_S��S�T�-��V��=��\��`�_�{~�H�8�B��WԿs�c㝮v�jٞ��c`��XL.��{7 <��\�$� C�֏��xn��a�E��n��h�7 ��_�*��=�ZA�� j��8�J];@-m1�8�ْJ(_��Ǉ�0S�J�X�c��ߧ��Lw֓��~��ė�1�z�9b�fKNu��Ι�B��^�x?��a@��fj "]��_�*�Պ�lB��\8}m/�p�/�o?c��/�v��jW��Z�[��'N�d>b��@�5�TU��1��\�L�dBC��{�[�N�d��T�9{N6�G ��ais�U��i~��:��Xg�!�&A�j�� U�*�ߊ��+�e7��9ڥ��x�͡W��AٓRK쐶��Ɋ ��a"wþ��Y {�Ls��C@��٘L��_t�3ՓFN�yʲ<9�!$�(�HD�s۠Ř�3� ��rn˭&g��?��A��5�.�8_"LDlT��R�T�� t� N`�Ogh�=O��~7��Q��W1�(h�,��#��&��l]�4��`(�� f�B��߫�l ��Ac��G��u�ή<z?�m�ߣ�6St��#��.� ��e�X��Bc|$�G?�6#GĒr`34KlL��S6*�EC,+_Ru��ܓ��i��4� hk)��qi��c��Lm�9��""��+��#�?Ը�a�� hVJ�P��$��-�ڱ~�|?�4��X__��6�*�DN|dI��d~&D7��k��;w�1��Xi�� o��`r�2

Sections

.text
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

0
Size: - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

128809360b796bd3b00cf6a01e181081

Headers

DLL Characteristics

File Characteristics

Imports

msvbvm60

kernel32

advapi32

msimg32

user32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 4.5MB

CODE Size: - Virtual size: 112KB

.data Size: - Virtual size: 46KB

DATA Size: - Virtual size: 3KB

BSS Size: - Virtual size: 2KB

.rsrc Size: 153KB - Virtual size: 181KB

0 Size: - Virtual size: 618KB

.tls Size: 512B - Virtual size: 24B

1 Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 512B - Virtual size: 188B

.text
Size: - Virtual size: 4.5MB

CODE
Size: - Virtual size: 112KB

.data
Size: - Virtual size: 46KB

DATA
Size: - Virtual size: 3KB

BSS
Size: - Virtual size: 2KB

.rsrc
Size: 153KB - Virtual size: 181KB

0
Size: - Virtual size: 618KB

.tls
Size: 512B - Virtual size: 24B

1
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 512B - Virtual size: 188B