5bf91fb2fca04ac5307506e4cd7eb81a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bf91fb2fca04ac5307506e4cd7eb81a_JaffaCakes118
Size

388KB
MD5

5bf91fb2fca04ac5307506e4cd7eb81a
SHA1

a36a6307c4c6cb9b27963edd39de43cbe627f066
SHA256

a51ef130e8bc3f10d194f2322fa7aa4c73ecf0a91d323227dde720dfe766f367
SHA512

cf350cb0d99c22f6b95649d629d2bb6212bb831c26d0a0267bbd82a8971c062eb211816d7e3eb1b8fd28eb80c4607cb14efe56da74e0df640d99de967341b17d
SSDEEP

12288:94mXnOUXI/YG5nO1ob97MPdAGX40uWRLrD2O2fCc:9Dh4//A1O7MPdAGI0XLrDO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TrashReg.exe

Files

5bf91fb2fca04ac5307506e4cd7eb81a_JaffaCakes118
.zip
DelSettings.reg
DisableNewSearches.reg
Help/rtkf_rus.chm
.chm
ReadMe.Rus.txt
TrashReg.exe
.exe windows:4 windows x86 arch:x86

89231130cf925a5dd43069edce3c5f98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ExcludeClipRect

oleaut32

SysAllocStringLen

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExA

kernel32

SetEnvironmentVariableA
GetCurrentProcess
RtlMoveMemory
SetFileAttributesA
FreeLibrary
ExpandEnvironmentStringsA
lstrlenW
GetEnvironmentVariableA
OutputDebugStringA
DeleteFileA
WriteFile
VirtualProtect
ExitProcess

user32

SetWindowPos
LoadImageA
GetWindowRect
GetMenuItemCount
MoveWindow
DestroyWindow
ReleaseDC
IsWindowVisible
ShowWindow
GetSystemMetrics
SetRect
GetWindow
GetWindowDC
GetClientRect

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
__vbaNextEachAry
ord691
_CIcos
_adj_fptan
ord692
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaGosubReturn
__vbaLenBstr
__vbaStrVarMove
ord696
__vbaPut3
ord697
__vbaFreeVarList
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaI4Sgn
__vbaCopyBytes
__vbaStrCat
ord553
__vbaLsetFixstr
__vbaBoolErrVar
ord660
ord661
__vbaSetSystemError
__vbaRecDestruct
__vbaLenBstrB
__vbaHresultCheckObj
ord556
ord665
__vbaLenVar
ord558
_adj_fdiv_m32
ord667
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord591
ord669
ord592
__vbaForEachCollObj
__vbaBoolStr
__vbaVarForInit
ord593
__vbaExitProc
ord301
__vbaStrLike
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord599
__vbaStrFixstr
__vbaForEachCollVar
__vbaBoolVar
ord307
ord521
__vbaStrTextCmp
__vbaRefVarAry
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
VarPtr
ord709
__vbaErase
ord631
__vbaVargVarMove
__vbaNextEachCollObj
__vbaVarCmpGt
__vbaVarZero
ord525
__vbaChkstk
__vbaCyVar
ord526
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
ord529
__vbaStrCmp
__vbaGet4
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner4
__vbaStrTextLike
__vbaCyI4
ord560
ord561
__vbaVarLikeVar
__vbaNextEachCollVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
ord710
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaPrintFile
ord712
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaGosub
ord608
ord531
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
ord534
__vbaCheckType
__vbaDateVar
ord535
__vbaI2Var
ord536
ord644
ord537
ord538
ord645
_CIlog
ord539
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord648
__vbaCyMulI2
__vbaVarTextLikeVar
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaI4Var
__vbaForEachAry
__vbaVarCmpEq
ord689
ord610
__vbaInStrB
__vbaAryLock
__vbaVarAdd
ord320
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
ord321
__vbaAryVarVarg
__vbaFpI2
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
ord618
__vbaI4Cy
ord619
__vbaStrVarCopy
ord542
ord543
ord650
_allmul
ord544
__vbaLateIdSt
ord652
ord545
__vbaAryRecCopy
_CItan
ord546
ord547
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
ord580
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data0
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TrashRegX64.cmd

Sharing

General

Malware Config

Signatures

Files

89231130cf925a5dd43069edce3c5f98

Headers

File Characteristics

Imports

gdi32

oleaut32

advapi32

kernel32

user32

msvbvm60

Sections

.text Size: - Virtual size: 530KB

.data Size: - Virtual size: 17KB

.rsrc Size: 20KB - Virtual size: 46KB

.data0 Size: - Virtual size: 136KB

.data1 Size: 356KB - Virtual size: 353KB

.reloc Size: 4KB - Virtual size: 64B

.text
Size: - Virtual size: 530KB

.data
Size: - Virtual size: 17KB

.rsrc
Size: 20KB - Virtual size: 46KB

.data0
Size: - Virtual size: 136KB

.data1
Size: 356KB - Virtual size: 353KB

.reloc
Size: 4KB - Virtual size: 64B