b565d44e6747f50e6e59d6f0ca58e91e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b565d44e6747f50e6e59d6f0ca58e91e_JaffaCakes118
Size

98KB
MD5

b565d44e6747f50e6e59d6f0ca58e91e
SHA1

1fde20e8c2fda472c0f0073c9524d0c03157e9cc
SHA256

e4ff051fdf41fa2c0296292a0bd5939f22f49cdb58b25e6d38502e55778a3397
SHA512

5efc8e6c3e8b21bfbff869b527f4fed8c70ba7fe31addd9d8d5500635089e848c9efed2c065ff888a48df0d85ac915eac748e5b76de07ca9527471afaa6bd027
SSDEEP

1536:pce3fxDX8O0EB/E0nt9P7ujs7n3zVniRUjO51JeU36Eb7cgH1y3Q:jDX8yEetRCg7YRUjGbIgH1yQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Project Booking No. 20009500.exe

Files

b565d44e6747f50e6e59d6f0ca58e91e_JaffaCakes118
.eml
- http://www.nsbs.bg/
Project Booking No. 20009500.gz
.gz
Project Booking No. 20009500.exe
.exe windows:4 windows x86 arch:x86

462f3a0d27b2b545ff81f0f275cb819b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
ord693
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
ord589
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
__vbaAryDestruct
ord669
__vbaLateMemSt
__vbaObjSet
__vbaCyAdd
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord705
ord522
ord523
__vbaFpR8
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
ord527
__vbaStrCmp
__vbaVarTstEq
ord560
__vbaR4Str
__vbaObjVar
DllFunctionCall
ord670
ord673
_adj_fpatan
ord675
__vbaLateIdCallLd
ord569
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
__vbaVar2Vec
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
ord574
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
ord611
__vbaLateMemCall
__vbaVarDup
ord615
__vbaFpI4
ord616
ord617
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaUI1Str
__vbaCastObj
ord542
ord650
_allmul
__vbaLateIdSt
_CItan
ord547
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
blocked.gif
.gif
email-html-2.txt
.html
email-plain-1.txt

Sharing

General

Malware Config

Signatures

Files

462f3a0d27b2b545ff81f0f275cb819b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 4KB