b2ff197824a6540f45dda42090ecd714_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2ff197824a6540f45dda42090ecd714_JaffaCakes118
Size

251KB
MD5

b2ff197824a6540f45dda42090ecd714
SHA1

f51bc135791b46ca8014a8e902ae430991098f4c
SHA256

856af81502862fb04e1310c5e12d63f49995ca39463babbb901ee49d3db9821a
SHA512

323813ee793cdda3b5b2355663cf56f76515be1672b9da3aa17f9c38ced499499f3bf3755fe9055111665bd08911523b70ec92b59ba01f0c69daaa083a22eda8
SSDEEP

3072:Ckky0TVXIT/1LDxAlnGGnuQldifq8g7ek+Iop2Q011e4l:COkdIT/9iJGGnzlyq/7e172Qy1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2ff197824a6540f45dda42090ecd714_JaffaCakes118

Files

b2ff197824a6540f45dda42090ecd714_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf3f5d7a4e2ca22ae9db90e9ecb4cc0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
__vbaVarTextTstLt
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaError
__vbaBoolErrVar
__vbaLsetFixstr
__vbaVarTextTstEq
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
__vbaLenVar
__vbaVargVarCopy
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaCyErrVar
__vbaVarForInit
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
__vbaStrFixstr
__vbaStrTextCmp
__vbaBoolVarNull
_CIsin
__vbaVargVarMove
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
__vbaR4Str
__vbaPrintObj
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaVarTextTstNe
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
__vbaR4ErrVar
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaFailedFriend
__vbaI2Str
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
__vbaVarTextTstGt
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaVarCopy
_CIatan
__vbaCastObj
__vbaI2ErrVar
__vbaAryCopy
__vbaUI1Str
__vbaStrMove
__vbaStrVarCopy
__vbaR8IntI4
_allmul
__vbaLateIdSt
__vbaVarTextCmpNe
_CItan
__vbaUI1Var
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj

Sections

UPX0
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf3f5d7a4e2ca22ae9db90e9ecb4cc0c

Headers

File Characteristics

Imports

msvbvm60

Sections

UPX0 Size: 244KB - Virtual size: 244KB

.rsrc Size: 3KB - Virtual size: 4KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 244KB - Virtual size: 244KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avp
Size: 3KB - Virtual size: 4KB