c8370bdb1612a64f43bf8afc7df625a8_JaffaCakes118

General

Target

c8370bdb1612a64f43bf8afc7df625a8_JaffaCakes118
Size

88KB
MD5

c8370bdb1612a64f43bf8afc7df625a8
SHA1

9df893c87af58fd73360a971275583892c56fefd
SHA256

4ba554e4bc32611d94c8bbb839b5771a335c8e32405ff16eb194e71ccb59d8ac
SHA512

6559ed44d534022c21eb9bc70b28f1243a8778dea9fd9b111c0bfa7cad182ef8673679eb761a850c90c57749833bd91ea43f4d0c2afe9e628bc9364d87687783
SSDEEP

1536:/Z1ZGiyT3Os5WNaQOjgiZFmOlpCrq1/ubZTxT9r7V:9GiyLHzQcgq/Iq1/yTxT9r7V

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8370bdb1612a64f43bf8afc7df625a8_JaffaCakes118

Files

c8370bdb1612a64f43bf8afc7df625a8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

db7792a49a1ab3606831d217f73f6cba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
ord632
__vbaChkstk
ord526
__vbaFileClose
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
ord600
ord601
_CIsqrt
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
ord648
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
ord616
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
__vbaAryCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db7792a49a1ab3606831d217f73f6cba

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 948B

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 948B

.rsrc
Size: 56KB - Virtual size: 53KB