05fcc50e35c5aeffbf11167d0e91b332_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05fcc50e35c5aeffbf11167d0e91b332_JaffaCakes118
Size

2.2MB
MD5

05fcc50e35c5aeffbf11167d0e91b332
SHA1

fdb5ee10853fc3a49581ba841e69b5934e3bd18c
SHA256

229ab87d9ae35032d4f71c965dbe1f875cd932b5f8f5683ff5cb754786f5f3cf
SHA512

a8e69fb862522e0ddb2ed0437fd28a4637f8ae5b2225fed48258c2ac23b0c68b845d5066efb7a31e1b916d8f5952f82a2d538d2325aef81b543b255ecb38b5d2
SSDEEP

49152:4nOqdDZAX6EAnhsZuFMl4tKE8E1xGDgUcx3HuCZ10DUmbySEwJBNHLA:hqxZAXKnhswyw8xA3TTm+G1A

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/bytbpbb.exe
unpack002/pbb.exe

Files

05fcc50e35c5aeffbf11167d0e91b332_JaffaCakes118
.zip
bytbpbb.gz
.rar
bytbpbb.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 326KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

code
Size: 2.1MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pbb.exe
.exe windows:4 windows x86 arch:x86

ad496350a80764f3fa7424241b27ac09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarTstLt
_CIsin
ord632
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
ord670
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaVarCopy
_CIatan
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ھ.url
ھʹ˵.htm
.html

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 326KB - Virtual size: 744KB

.rsrc Size: 70KB - Virtual size: 189KB

.idata Size: 512B - Virtual size: 4KB

code Size: 2.1MB - Virtual size: 4.3MB

ad496350a80764f3fa7424241b27ac09

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.rsrc
Size: 70KB - Virtual size: 189KB

.idata
Size: 512B - Virtual size: 4KB

code
Size: 2.1MB - Virtual size: 4.3MB

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB