a4bab7051457512585c82d5153906869_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4bab7051457512585c82d5153906869_JaffaCakes118
Size

74KB
MD5

a4bab7051457512585c82d5153906869
SHA1

4cc5a0e0b39b0140ad3308c014e2a00ca88c6ad2
SHA256

7fbb954f8f120401383f1af3a9107ff60991d87d7da05cdd6b310a61a768c853
SHA512

5c1b7fd85ecdb622268fbccc8e482f64d68047624acf9f83cfd0cc8e24d07e26238adae6a41ecd9275b100f25d19537f008b275525f44c0dbaedd43de09e3394
SSDEEP

1536:HAPb+/vXlMXueprf99hTOhBX29lEHpCmAJucqXCpwX4M7Vc2HLj:Heb+nVehVUhBXcM6JlqSyX57W4Lj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WretchXDv.exe

Files

a4bab7051457512585c82d5153906869_JaffaCakes118
.rar
WretchXDv.exe
.exe windows:4 windows x86 arch:x86

66807cdc7a7f860048e885b3088e4b9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
__vbaGetFxStr3
__vbaStrErrVarCopy
_adj_fprem1
ord518
ord626
__vbaResume
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord592
__vbaVarForInit
ord593
__vbaForEachCollObj
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord599
__vbaFpR4
ord520
__vbaStrFixstr
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
__vbaRefVarAry
__vbaVargVar
_CIsin
ord631
__vbaErase
ord525
__vbaVarCmpGt
__vbaNextEachCollObj
ord632
__vbaVarZero
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
ord529
__vbaExitEachColl
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
__vbaDateR8
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
__vbaVarLateMemSt
ord670
__vbaFpUI1
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
ord531
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaGetOwner4
__vbaVarCat
__vbaDateVar
__vbaCheckType
ord535
__vbaI2Var
ord644
__vbaFileSeek
ord645
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaInStr
__vbaNew2
__vbaR8Str
__vbaVar2Vec
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaVarSetObj
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
ord616
__vbaVarCopy
__vbaVarTstGe
__vbaFpI4
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaR8IntI4
__vbaStrVarCopy
ord619
__vbaForEachVar
_allmul
_CItan
__vbaNextEachCollAd
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66807cdc7a7f860048e885b3088e4b9f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 248KB - Virtual size: 245KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 248KB - Virtual size: 245KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB