a68cba68a0f74fdf960469e3d57f6493_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a68cba68a0f74fdf960469e3d57f6493_JaffaCakes118
Size

107KB
MD5

a68cba68a0f74fdf960469e3d57f6493
SHA1

14704bb88fc5f1a16fb47804a9f7945ea3b66a48
SHA256

ae23c4d6d58ec23cbda5ab63563acf5c1ed930bf6aaa9596d38b5fd6afd0175f
SHA512

ee49c8b0964d0c6d6cbf819162ec6cf813cbbd3628fec7a4a8baea3112a65bd4ba9faaed00c9d1ddd8ec2fc6da545359b5f9325eaa2e227f355d20ccce8f3c70
SSDEEP

1536:s8k9FuVrRPYiADPCPTPMIb/PThjZRKQjCLDMTA5fIDamjf87FaO9MH/roximOR:FkncS0bMIP8QlU5ADF1OKkxIR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/botz.exe

Files

a68cba68a0f74fdf960469e3d57f6493_JaffaCakes118
.rar
Form1.frm
.vbs
Form1.frx
Globals.frm
botz.PDM
botz.exe
.exe windows:4 windows x86 arch:x86

96e55b5fce1d6af95abd24f25b72f977

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord582
ord583
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
ord588
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaI2Abs
__vbaVarCmpNe
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarForInit
__vbaVarPow
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord520
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
__vbaVargVarMove
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarAbs
ord528
__vbaStrCmp
__vbaGet3
__vbaVarTstEq
__vbaR4Str
DllFunctionCall
__vbaVarOr
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaStrUI1
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaI2Str
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarCmpLt
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
ord614
__vbaFpI2
__vbaVarCopy
__vbaFpI4
ord616
_CIatan
__vbaCastObj
__vbaStrMove
__vbaUI1Str
_allmul
__vbaLateIdSt
_CItan
__vbaUI1Var
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
botz.vbp
botz.vbw
data/instructions.txt
data/下载说明.htm
.html .js polyglot
declares.bas
.vbs
frmAbout.frm
.vbs
frmAbout.frx
images/addwheel.bmp
images/addwheeldis.bmp
images/botz.ico
images/boxes.bmp
images/construct.bmp
images/construct2.bmp
images/construct3.bmp
images/delete.bmp
images/deletedis.bmp
images/globals1.bmp
images/logoongray.bmp
images/logoongray2.bmp
images/new.bmp
images/open.bmp
images/pspbrwse.jbf
images/save.bmp
images/simulate.bmp
images/simulate3.bmp
images/terrain.bmp
images/terraindis.bmp
images/terrainon.bmp
images/下载说明.htm
.html .js polyglot
presets/AntiGrav.botz
presets/Dancer.botz
presets/MuscleDemo.botz
presets/jumper.botz
presets/spike-ball.botz
presets/unicycle.botz
presets/walker.botz
presets/下载说明.htm
.html .js polyglot
resume.botz
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

96e55b5fce1d6af95abd24f25b72f977

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 124KB - Virtual size: 120KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 124KB - Virtual size: 120KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 8KB