b0424e2a4583d67983df302278f376ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0424e2a4583d67983df302278f376ce_JaffaCakes118
Size

67KB
MD5

b0424e2a4583d67983df302278f376ce
SHA1

f3c0c9165b001889c886a7680036992816eda918
SHA256

e72068e57289e278bc1b5329c4aa90c634c3627215618730516c9f89e55dd130
SHA512

2f2caa7b97c72160740ba1208ee61f927300b095c7416f231438eb38392bde0aa5467237ca354e3eea4a87aecc0165a7de99a01e6c193032fe6a2f17fc5ef733
SSDEEP

1536:yTjGxKPHTcUvJRKm80xc+5yIIlAhJ40EZA0ZfsmQ1On:yTj6mzBRKmvsAhHEC0Z0O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/burro.exe

Files

b0424e2a4583d67983df302278f376ce_JaffaCakes118
.rar
AddEditDir.frm
Balk.cls
Burro.vbp
Burro.vbw
FTPServ.ico
FindFolder.frm
.vbs
FindFolder.frx
FndFile.bas
.vbs
MSSCCPRJ.SCC
MainApp.cls
Profiles.bas
.vbs
UserOpts.frm
.vbs
UserOpts.frx
VBSOCK.BAS
.vbs
WindProc.bas
.vbs
Winsock.bas
burro.exe
.exe windows:4 windows x86 arch:x86

02d961a28975522feeb677f411a89ee3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLineInputStr
__vbaAptOffset
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
__vbaStrFixstr
ord520
__vbaBoolVarNull
_CIsin
ord709
ord631
ord632
__vbaVargVarMove
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaGet3
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaGet4
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
ord607
ord530
ord608
ord609
ord716
ord531
__vbaFPException
ord532
__vbaInStrVar
__vbaUbound
ord533
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord536
ord537
ord645
_CIlog
__vbaErrorOverflow
ord647
__vbaFileOpen
ord570
__vbaInStr
__vbaR8Str
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaVarCmpLt
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaI4Var
__vbaVarCmpEq
ord611
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
__vbaFpI4
ord616
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord618
ord619
__vbaR8IntI4
ord650
_allmul
ord651
_CItan
__vbaAryUnlock
_CIexp
__vbaRecAssign
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
burro.ini
frmFtp.frm
.vbs
frmFtp.frx
frmProcess.frm
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

02d961a28975522feeb677f411a89ee3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 128KB - Virtual size: 126KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 128KB - Virtual size: 126KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 7KB