6ef1879aa592466d56ae49b84514c8b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6ef1879aa592466d56ae49b84514c8b1_JaffaCakes118
Size

44KB
MD5

6ef1879aa592466d56ae49b84514c8b1
SHA1

f2fc7cc6125adf1c75980ac2fb2a75b5ef589e19
SHA256

fda95833bba5a25c7298fc06bbe3311ca41c1278c3cf5acd48b8182cd96e1988
SHA512

8535fb024ec08e0df6d9504364b34f7c29741b87caffe615a97ad23134c4cf9c4761e811c0570e5a95396afad09a6b98d96e0c3e1e5186cb868fd9a2f6d5fe23
SSDEEP

768:JLeci5VZdT4uqyEP5s6sKsLiv9ObM1Op6JX/lBcNYcR6OSDq+4cDMMPRjQ0JTqc:JBeEu+Bh5971vX/PILR6rVlpjHJTt

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VoiceChat.exe
unpack001/WaveStream.dll

Files

6ef1879aa592466d56ae49b84514c8b1_JaffaCakes118
.rar
ACM_DEFS.BAS
CHAT.FRX
CHAT_DEF.BAS
CHAT_FUN.BAS
.vbs
TCP_DEFS.BAS
TCP_FUNC.BAS
.vbs
VOICE.RES
VoiceChat.exe
.exe windows:4 windows x86 arch:x86

76dec7e383b625a282e0faaf23c78f8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord629
ord660
ord300
ord595
ord598
ord305
ord306
ord632
EVENT_SINK_AddRef
ord528
DllFunctionCall
EVENT_SINK_Release
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
ord716
ord717
ProcCallEngine
ord573
ord685
ord100
ord613
ord581

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Voicecht.vbp
Voicecht.vbw
WAVESTRM/ACM_DEFS.BAS
WAVESTRM/下载说明.htm
.html .js polyglot
WaveStream.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b6fb7f05e87086f04cc9c6a63e4f5c13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

MethCallEngine
ord629
ord592
ord300
ord301
ord595
ord598
ord306
ord307
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
ord536
ord573
ord685
ord101
ord102
ord103
ord104
ord105

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chat.frm
.vbs
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

76dec7e383b625a282e0faaf23c78f8c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 36KB - Virtual size: 32KB

.data Size: - Virtual size: 2KB

.rsrc Size: 20KB - Virtual size: 16KB

b6fb7f05e87086f04cc9c6a63e4f5c13

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 32KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 20KB - Virtual size: 16KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB