3045429fa224cafaec9ad20f92b8de33_JaffaCakes118

General

Target

3045429fa224cafaec9ad20f92b8de33_JaffaCakes118
Size

888KB
MD5

3045429fa224cafaec9ad20f92b8de33
SHA1

e716005483314f7af69d2ba6101b44c78dc55869
SHA256

c8f6b035c7c5dc6a9527c5220be3d3b7bca9dd10e5e0db3799ddd08c3c364713
SHA512

46826e04fb8ccb37e66e0d94104d7809f4c0104272b980d5709f7c36abe2d5f9ae040dca2da891eb66ee83e55e44a8504cae6afe186b001b534c244dace80719
SSDEEP

12288:tIs9NVN7Ss9NVj0d+f8gmF2AopF0qTDV5q7XlqtQj3:tIs9ND7Ss9NNsF2AeF0QDVY7Xb

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3045429fa224cafaec9ad20f92b8de33_JaffaCakes118

Files

3045429fa224cafaec9ad20f92b8de33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67326d5242a6b3135a76ae54750b07b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
ord594
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
__vbaVargVar
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaPutOwner3
__vbaObjVar
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaInStrVar
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeObj
ord580
__vbaFreeStr

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 672KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67326d5242a6b3135a76ae54750b07b9

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 208KB - Virtual size: 205KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 672KB - Virtual size: 669KB

.text
Size: 208KB - Virtual size: 205KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 672KB - Virtual size: 669KB