b83dd2d53f217c2deed24118327a4061_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b83dd2d53f217c2deed24118327a4061_JaffaCakes118
Size

4.8MB
MD5

b83dd2d53f217c2deed24118327a4061
SHA1

4df7b24c5f184fbf64f3b381c623f73ea0568e90
SHA256

44a88d46120e9f73f3729c4f4161a7baa5d494c8f4658beb61572be0c834cd5a
SHA512

185798ded6f5ce8db0ba789273dc2faba83cd82a70321cf039cd15e728641ed0d49bc844b753405e2130a89a200ea3df88327b08c10a0d1bd4246556736f79f1
SSDEEP

98304:FXbJLbRWrJ9XyFNsFykujPgHSueBm2oUnu7z5tSCUA2D:FdLbRWrJ9XyFNsFykuCu1nA2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b83dd2d53f217c2deed24118327a4061_JaffaCakes118

Files

b83dd2d53f217c2deed24118327a4061_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6057a73adc59a0e85318de895d329233

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

GetTempPathA
RtlMoveMemory
CreateMutexA
LoadLibraryA
FreeLibrary
WinExec
CloseHandle
GetVersionExA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
OpenProcess
GetExitCodeProcess
TerminateProcess

oleaut32

SysAllocString
SystemTimeToVariantTime

ole32

CLSIDFromString
CoTaskMemFree

shell32

ShellExecuteA

user32

SetWindowPos
MessageBoxA
GetDesktopWindow
LoadStringA
IsWindowVisible
ShowWindow

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaVarTextCmpGt
ord626
ord519
__vbaI2Abs
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
ord553
__vbaWriteFile
__vbaVarTextTstEq
ord661
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
ord591
EVENT_SINK2_Release
__vbaForEachCollObj
ord593
__vbaExitProc
__vbaI4Abs
ord301
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
ord520
__vbaBoolVar
__vbaForEachCollVar
ord307
__vbaStrTextCmp
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord709
ord631
__vbaVargVarMove
__vbaNextEachCollObj
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaExitEachColl
__vbaAryConstruct2
__vbaDateR8
__vbaObjVar
ord561
__vbaNextEachCollVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
ord563
__vbaCastObjVar
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaVarSetUnk
__vbaNew
__vbaVarTextTstNe
ord600
__vbaUI1I2
_CIsqrt
__vbaLateIdCallSt
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaVarTextCmpEq
__vbaExceptHandler
ord711
ord313
__vbaPrintFile
ord605
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaLateIdStAd
ord609
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord536
ord537
ord644
ord538
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaFreeStrList
__vbaVarTextTstGt
_adj_fdivr_m32
__vbaPowerR8
ord577
_adj_fdiv_r
ord578
ord685
ord100
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaVerifyVarObj
__vbaFpI2
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord542
ord543
ord650
_allmul
ord544
__vbaLateIdSt
ord545
_CItan
ord546
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6057a73adc59a0e85318de895d329233

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

ole32

shell32

user32

msvbvm60

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 4KB - Virtual size: 42KB

.rsrc Size: 3.8MB - Virtual size: 3.8MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 4KB - Virtual size: 42KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB