faffd1e1909ad356aeff0c73d9baab66_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

faffd1e1909ad356aeff0c73d9baab66_JaffaCakes118
Size

1.0MB
MD5

faffd1e1909ad356aeff0c73d9baab66
SHA1

0fde24fcdf53d295b91c5f316ea7626352eded45
SHA256

6cb498ef523475cfe9115f1608c8640a6239e5742c2e6c1b3b37338d3a3afaf3
SHA512

5f8da6e644f1c60cdea6e03886e7b8377784500591dd7ee191d0d008d0f929cc3d2696b46ac15b61b76748a0b04eac3909a1be14956bcafb8e66a6e32a1ff6c1
SSDEEP

24576:Uoju6lj+fuI5J3iawZXJY4q9pfN3/AIuGp:O6N+zJ3iawZDqffN3Ht

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faffd1e1909ad356aeff0c73d9baab66_JaffaCakes118

Files

faffd1e1909ad356aeff0c73d9baab66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ee7038b0a883e21ffdeb769ea761941

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyA
RegDeleteValueA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetFileInfoA
ShellExecuteA

gdi32

SelectObject
GetDeviceCaps
DeleteDC
CreateRoundRectRgn
CreateSolidBrush
CreateCompatibleDC
CreateDIBSection
DeleteObject
BitBlt

user32

DestroyIcon
GetWindowRect
GetDesktopWindow
ReleaseCapture
SetWindowsHookExA
FindWindowA
FillRect
SetParent
GetKeyState
UnhookWindowsHookEx
SetWindowRgn
SendMessageTimeoutA
SetWindowTextA
ClientToScreen
MoveWindow
OffsetRect
DrawTextA
IsIconic
SystemParametersInfoA
ReleaseDC
GetWindowPlacement
PostMessageA
CopyRect
ShowWindow
GetDC
CallNextHookEx
SetSysColors
GetAsyncKeyState
IsWindowEnabled
OpenIcon
DrawEdge
GetForegroundWindow
GetClientRect
GetCursorPos

kernel32

GetSystemDirectoryA
SetCurrentDirectoryA
RtlMoveMemory
WaitForSingleObject
GlobalFree
FileTimeToLocalFileTime
CopyFileA
FileTimeToSystemTime
GetWindowsDirectoryA
GetDriveTypeA
GetVersion
Sleep
SystemTimeToFileTime
CloseHandle
GlobalAlloc
LocalFileTimeToFileTime
OpenProcess
GetCurrentThreadId
TerminateProcess
DeleteFileA
GlobalLock
GetComputerNameA

winmm

mixerClose
mixerOpen

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaCyMul
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLineInputStr
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaVarIdiv
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaAryRecMove
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
ord519
__vbaI2Abs
ord550
__vbaCopyBytes
__vbaResume
__vbaVarCmpNe
__vbaForEachCollAd
__vbaStrCat
ord660
ord553
__vbaCyInt
__vbaLsetFixstr
__vbaRecDestruct
ord661
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
ord591
EVENT_SINK2_Release
__vbaStrBool
__vbaBoolStr
__vbaForEachCollObj
ord593
__vbaExitProc
__vbaVarForInit
ord300
ord301
__vbaCyAdd
ord595
__vbaObjSet
__vbaOnError
ord302
_adj_fdiv_m16i
ord303
ord597
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaCyStr
ord599
__vbaFpR4
ord306
__vbaBoolVar
__vbaStrFixstr
ord520
ord307
ord308
__vbaFPFix
ord309
__vbaVarTstLt
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
ord631
__vbaVarZero
__vbaLateMemStAd
__vbaNextEachCollObj
ord525
ord632
__vbaChkstk
__vbaI2Cy
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
__vbaGenerateBoundsError
ord529
__vbaCyI2
__vbaExitEachColl
__vbaStrCmp
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaR4Str
ord560
__vbaDateR8
__vbaObjVar
ord561
__vbaI2I4
DllFunctionCall
ord670
__vbaVarOr
__vbaCySub
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaLateIdCallSt
__vbaRedimVar
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaVarMul
ord710
__vbaFpCmpCy
__vbaStrUI1
__vbaExceptHandler
ord711
__vbaPrintFile
ord605
__vbaStrToUnicode
ord712
ord713
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
ord607
__vbaI2Str
ord714
ord608
ord530
ord715
ord716
__vbaFPException
ord717
ord319
ord533
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
__vbaCheckType
ord535
__vbaI2Var
ord536
__vbaLsetFixstrFree
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord647
__vbaVar2Vec
__vbaVarLateMemCallLdRf
ord648
__vbaR8Str
__vbaNew2
__vbaInStr
ord571
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
ord321
ord613
__vbaVerifyVarObj
__vbaFpI2
__vbaVarCopy
__vbaUnkVar
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaRecDestructAnsi
__vbaCyAbs
ord617
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
__vbaI2ErrVar
__vbaCastObj
ord618
__vbaStrMove
__vbaAryCopy
ord619
__vbaR8IntI4
__vbaI4Cy
ord542
ord543
ord650
_allmul
ord544
__vbaLateIdSt
__vbaAryRecCopy
ord545
_CItan
ord546
__vbaNextEachCollAd
ord547
__vbaAryUnlock
__vbaFPInt
ord548
__vbaFpCSngR8
__vbaVarForNext
_CIexp
__vbaStrCy
__vbaMidStmtBstr
__vbaRecAssign
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 960KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ee7038b0a883e21ffdeb769ea761941

Headers

File Characteristics

Imports

advapi32

shell32

gdi32

user32

kernel32

winmm

msvbvm60

Sections

.text Size: 960KB - Virtual size: 959KB

.data Size: 4KB - Virtual size: 30KB

.rsrc Size: 80KB - Virtual size: 79KB

.text
Size: 960KB - Virtual size: 959KB

.data
Size: 4KB - Virtual size: 30KB

.rsrc
Size: 80KB - Virtual size: 79KB