072dcf9e6fb32adae56b9851e0d7f6c0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

072dcf9e6fb32adae56b9851e0d7f6c0_JaffaCakes118
Size

99KB
MD5

072dcf9e6fb32adae56b9851e0d7f6c0
SHA1

90a8f6a06ec85507d3bce4a689a90c5f2811725b
SHA256

c8dba74edf88dda21ea76830d6b710e0b4814e4ea8b6a85163bf44bc93c8008d
SHA512

76c5349cfacfc89eec987417829e25b4468ccfebbc0a5a5c0dee8663abc44fd2f63e07b3fb9487f7beb2f5d3a37523fb7cbebfebdacf8f52e1950db4eecf56ec
SSDEEP

3072:T5GgwbEcnLiQn8e1XKNaxEyBlrwS51melV:T5GgaEcj8I5nrw5eL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072dcf9e6fb32adae56b9851e0d7f6c0_JaffaCakes118

Files

072dcf9e6fb32adae56b9851e0d7f6c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

daca9efcf2330444b6f6ac3e32142a69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetAtomNameW
DeleteFiber
VirtualAlloc
TlsGetValue
MultiByteToWideChar
LoadLibraryA
CreateProcessInternalW
VirtualFreeEx
VirtualUnlock
GetConsoleAliasesLengthW
GetVDMCurrentDirectories
TlsFree
CreateDirectoryExA
LoadLibraryExA
IsDBCSLeadByteEx
GetStdHandle
_lcreat
GetLastError
GetProcAddress
Module32First
CreateFiberEx
GetVolumeInformationW
SetTapePosition
HeapWalk
GetOverlappedResult
RequestDeviceWakeup
WriteFileEx
GetPrivateProfileSectionNamesW
GetProfileStringW
GetDateFormatA
IsBadHugeWritePtr
EscapeCommFunction
SignalObjectAndWait
MulDiv
Heap32Next
Process32First
CreateMutexW
GetConsoleAliasExesLengthA
GetLocaleInfoA
QueueUserAPC
FlushConsoleInputBuffer
SwitchToFiber
WriteFileGather
PrivMoveFileIdentityW
Thread32Next
CompareFileTime
EnumUILanguagesA
SetEnvironmentVariableA
SetConsoleCP
DnsHostnameToComputerNameA

msvbvm60

__vbaR4Sgn
rtcSplit
rtcBstrFromAnsi
rtcCos
rtcGetDayOfMonth
__vbaLbound
BASIC_CLASS_AddRef
__vbaLateIdStAd
__vbaAryRebase1Var
__vbaCyAbs
__vbaPut4
__vbaVarTextTstGe
TipInvokeMethod
Zombie_GetTypeInfoCount
__vbaVarTextCmpGe
__vbaCyMul
__vbaStrUI1
__vbaFreeObjList
__vbaVarCmpGt
PutMemNewObj
rtcMIRR
rtDecFromVar
__vbaHresultCheckNonvirt
__vbaRsetFixstrFree
rtcGetTimeVar
rtcVarFromVar
__vbaVarTextCmpNe
__vbaOnError
EbGetErrorInfo
__vbaCyErrVar
__vbaMidStmtVar
__vbaR8IntI4
__vbaCyForNext
__vbaVarZero
GetMem2
rtcSendKeys
__vbaVarTextTstEq
__vbaLdZeroAry
TipUnloadProject
__vbaVarTextLikeVar
EVENT_SINK_QueryInterface
GetMem1
_CIlog
__vbaPutFxStr3
__vbaStrToUnicode
__vbaLsetFixstrFree

msvcp60

_Toupper

cryptnet

CryptFlushTimeValidObject
I_CryptNetEnumUrlCacheEntry
CryptInstallCancelRetrieval
DllRegisterServer
I_CryptNetGetHostNameFromUrl
CryptGetTimeValidObject
CertDllVerifyCTLUsage
CryptUninstallCancelRetrieval
CryptRetrieveObjectByUrlW
CertDllVerifyRevocation
CryptRetrieveObjectByUrlA
I_CryptNetGetUserDsStoreUrl
CryptCancelAsyncRetrieval
LdapProvOpenStore
CryptGetObjectUrl
DllUnregisterServer

Sections

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 14.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 683KB - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

daca9efcf2330444b6f6ac3e32142a69

Headers

File Characteristics

Imports

kernel32

msvbvm60

msvcp60

cryptnet

Sections

.rsrc Size: 18KB - Virtual size: 18KB

.data Size: - Virtual size: 14.1MB

.text Size: 683KB - Virtual size: 683KB

.tls Size: 512B - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 18KB

.data
Size: - Virtual size: 14.1MB

.text
Size: 683KB - Virtual size: 683KB

.tls
Size: 512B - Virtual size: 4KB