006de49da7a91ceb09cda19b0a15e8d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

006de49da7a91ceb09cda19b0a15e8d9_JaffaCakes118
Size

30KB
MD5

006de49da7a91ceb09cda19b0a15e8d9
SHA1

402bc192024889ebcd478c644cb8837f1df969ca
SHA256

ec7f15f1cddc7812a995c42251b5e038fa3551337e109898ff7134225ee130a3
SHA512

6d7dbd6aa611efc416ae6eca4fd2ad63f442a56e26c4e395faf3cbb3d328b5992df5e86e5d2840cbc1af72bcf3954859986227840f65892c82bff98d20a45eb0
SSDEEP

768:XOFAvE8t32osm8KzZrQgiaPBw15qjXr6zye5JBkE2o01:X3EaG3JKzhQgiaPkqTrUyWjkEA1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TCLoggerV2.0/Mail.dll
unpack001/TCLoggerV2.0/TCLogger.exe

Files

006de49da7a91ceb09cda19b0a15e8d9_JaffaCakes118
.zip
TCLoggerV2.0/Mail.dll
.dll windows:4 windows x86 arch:x86

5d2f5abeca268ec50902fd2ebeb9c4ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvbvm60

__vbaVarTstGt

Exports

Exports

GetError
SendMail

Sections

.text
Size: 5KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TCLoggerV2.0/TCLogger.exe
.exe windows:4 windows x86 arch:x86

1111710fc83a13367261edd8b68b4968

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord516
ord517
ord519
ord553
ord595
ord631
ord709
ord526
EVENT_SINK_AddRef
DllFunctionCall
ord670
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord606
ord531
ord717
ProcCallEngine
ord644
ord537
ord645
ord681
ord685
ord100
ord579
ord689
ord610
ord612
ord616
ord617
ord618
ord542
ord543
ord544
ord545
ord547
ord580
ord581

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCLoggerV2.0/ȱض.txt
˵.htm
.html

Sharing

General

Malware Config

Signatures

Files

5d2f5abeca268ec50902fd2ebeb9c4ed

Headers

File Characteristics

Imports

kernel32

msvbvm60

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 32KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 4KB

1111710fc83a13367261edd8b68b4968

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 52KB - Virtual size: 50KB

.data Size: - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 32KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 50KB

.data
Size: - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 4KB