b8a41a889ed479e5491312e88790978c_JaffaCakes118

General

Target

b8a41a889ed479e5491312e88790978c_JaffaCakes118
Size

2.3MB
MD5

b8a41a889ed479e5491312e88790978c
SHA1

c9d16fface84fd7151004c82dbf427d88cb10bf2
SHA256

0d57a724d56e200ee442f2231b60741c80b31b84b1afc9e171a97b28db9e2d55
SHA512

60378ce16fcdeef8896bdf50ff0790324c2027e2d59a3b5d5927f0707e8150206deecc876a7dc17e9aea653e431f5b435faba2a35202e2ce60324bcba6006da1
SSDEEP

49152:7TF+t4G1X9tQbvbT7FY8+Bm2sDc6DHUdby+ZA1:7TF+t1GbvP7b+KZHsW+Z0

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8a41a889ed479e5491312e88790978c_JaffaCakes118

Files

b8a41a889ed479e5491312e88790978c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7c254b38567297cc025f049600040fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
ord621
__vbaFreeObjList
ord516
__vbaGetFxStr4
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaI4Sgn
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord666
ord667
__vbaAryDestruct
__vbaExitProc
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaPutOwner3
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
ord570
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaI4Var
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaAryCopy
ord619
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7c254b38567297cc025f049600040fd

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 32KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.text
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB