78e687ca7b5e7c84952c8d01753ffcee_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

78e687ca7b5e7c84952c8d01753ffcee_JaffaCakes118
Size

281KB
MD5

78e687ca7b5e7c84952c8d01753ffcee
SHA1

682ca566b088002b7c9d8e8b8bc6088a629797b1
SHA256

e88c007b2e266831e0d8eac4e49fe163991873e241e40b96d9d7d3d71fa0f18e
SHA512

68955b351dd33d39edb1bfd4c472f0ec375ac2868aa16122eb72f982aec8a374b01ab11eb113ec5021e033df9845440bccd541f982a62d93e053fa5e31f1e1ad
SSDEEP

6144:giqK0cWMf7kCfX1S/bbZ/+r7dqGaYhaP77EeWog/x1dlW/:rWWJfX1obor7nhaPXE/M

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Binedit.exe
unpack001/richtx32.ocx

Files

78e687ca7b5e7c84952c8d01753ffcee_JaffaCakes118
.zip
Binedit.exe
.exe windows:4 windows x86 arch:x86

3bab2cc271b88341bb3bc8b7f0cdbd1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
ord691
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
ord694
__vbaAryMove
__vbaCyMul
__vbaFreeVar
__vbaLateIdCall
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaVarSetVarAddref
__vbaI2Abs
ord550
__vbaResume
__vbaCopyBytes
__vbaVarCmpNe
__vbaForEachCollAd
__vbaStrCat
ord552
__vbaError
__vbaBoolErrVar
ord553
__vbaLsetFixstr
ord554
__vbaStrDate
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord556
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord666
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaCyErrVar
__vbaVarIndexLoadRefLock
EVENT_SINK2_Release
ord592
__vbaStrBool
__vbaBoolStr
__vbaVarForInit
__vbaExitProc
ord300
ord595
__vbaObjSet
__vbaOnError
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
__vbaVarIndexStoreObj
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaFpR4
ord306
__vbaForEachCollVar
__vbaBoolVar
ord309
__vbaBoolVarNull
__vbaRefVarAry
__vbaVarTstLt
_CIsin
ord631
__vbaErase
__vbaVarCmpGt
__vbaVargVarMove
ord525
__vbaVarZero
ord632
__vbaChkstk
__vbaFileClose
__vbaCyVar
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaGet3
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaR4Str
__vbaDateR8
__vbaCyI4
ord561
__vbaPrintObj
__vbaObjVar
__vbaNextEachCollVar
__vbaI2I4
ord562
DllFunctionCall
ord563
ord670
__vbaVarLateMemSt
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaRedimVar
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaR4ErrVar
__vbaDateStr
ord606
ord713
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaI2Str
__vbaFailedFriend
__vbaVarDiv
ord607
ord530
ord608
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaCheckType
__vbaI2Var
ord644
ord645
ord538
_CIlog
ord646
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
ord570
__vbaR8Str
__vbaVar2Vec
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
ord577
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaVerifyVarObj
__vbaFpI2
ord616
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
__vbaI2ErrVar
ord618
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord541
ord619
__vbaI4Cy
__vbaForEachVar
ord542
ord543
_allmul
ord651
ord544
__vbaLateIdSt
ord545
ord652
_CItan
ord546
__vbaNextEachCollAd
ord547
__vbaAryUnlock
ord548
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
richtx32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 67KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3bab2cc271b88341bb3bc8b7f0cdbd1e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 692KB - Virtual size: 690KB

.data Size: 4KB - Virtual size: 45KB

.rsrc Size: 8KB - Virtual size: 4KB

aaca01ab2cd35af160b8025e9dcfad9f

Headers

File Characteristics

Imports

shell32

oledlg

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 113KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 67KB - Virtual size: 80KB

.text
Size: 692KB - Virtual size: 690KB

.data
Size: 4KB - Virtual size: 45KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 114KB - Virtual size: 113KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 67KB - Virtual size: 80KB