3c91ec393b257e319c77907bd9e4e15b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c91ec393b257e319c77907bd9e4e15b_JaffaCakes118
Size

192KB
MD5

3c91ec393b257e319c77907bd9e4e15b
SHA1

4a97caf8faedf2a57f9f63932bc30ee96a131064
SHA256

f35f2d759e551ac9fd7ca1b016d262743e064a3a929a9b86ab597deee9c4578c
SHA512

2254177ed79c3093f2ec3327d31e4e236e9c16874e0b150e16aec64f59ef3a4b1786d50148ea9a7962fe57e665c5e77c89e78db47e03f80cd97e22bb0b873f5a
SSDEEP

3072:WPfwkmrsNbe9tJjPfwkmrsNbMO7tJ8MmJT82Qcgq/Iq1/yTxT9r7V:WPJpGPPJpHRmJTjQMIq1/Q

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c91ec393b257e319c77907bd9e4e15b_JaffaCakes118

Files

3c91ec393b257e319c77907bd9e4e15b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32c424c77dfd557d3a2926b7fd3b3af9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaPutOwner3
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaStrMove
ord619
__vbaPutFxStr4
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ