Static task
static1
Behavioral task
behavioral1
Sample
155a3a3bee034066005a6be4d225505d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
155a3a3bee034066005a6be4d225505d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: 155a3a3bee034066005a6be4d225505d_JaffaCakes118
Size: 1.1MB
MD5: 155a3a3bee034066005a6be4d225505d
SHA1: 0d5a474dfad04a66b3c8c43051fc08b817abe417
SHA256: d6f682eba84d246991851ba4548fbddab29134f1e5c5369542ef5c776d401bf2
SHA512: 2d23099f800c71379bb5b37b40c4f2563577d84347ffcd346246345a3bb3c470bed8068917b00acb7d28d04cedc64e4742534d628922bc09660c01e0846c6ae0
SSDEEP: 24576:2qtKmvOGR5pMatHKy0HJn0mInspIIKYtPw93C9RG:XlvF5qaMyun0gpESTG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 155a3a3bee034066005a6be4d225505d_JaffaCakes118
Files
155a3a3bee034066005a6be4d225505d_JaffaCakes118.exe windows:4 windows x86 arch:x86
8dd605fc7139f24affea3551f325cfa2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcp60
_Toupper
kernel32
GetVolumeInformationW
EscapeCommFunction
FlushConsoleInputBuffer
WriteFileEx
TlsGetValue
PrivMoveFileIdentityW
GetConsoleAliasExesLengthA
VirtualUnlock
SignalObjectAndWait
QueueUserAPC
GetAtomNameW
SetConsoleCP
RequestDeviceWakeup
_lcreat
EnumUILanguagesA
SetEnvironmentVariableA
CreateFiberEx
CreateMutexW
TlsFree
GetOverlappedResult
DnsHostnameToComputerNameA
Process32First
SetTapePosition
GetConsoleAliasesLengthW
GetProfileStringW
Thread32Next
GetDateFormatA
VirtualAlloc
ResetWriteWatch
HeapWalk
MulDiv
CreateProcessInternalW
CreateDirectoryExA
Module32First
IsDBCSLeadByteEx
HeapQueryInformation
GetProcAddress
GetVDMCurrentDirectories
MultiByteToWideChar
LoadLibraryA
DeleteFiber
CompareFileTime
GetLastError
GetPrivateProfileSectionNamesW
SwitchToFiber
VirtualFreeEx
WriteFileGather
GetLocaleInfoA
GetDiskFreeSpaceW
Heap32Next
msvbvm60
__vbaPut4
rtcSendKeys
__vbaLateIdStAd
__vbaHresultCheckNonvirt
TipInvokeMethod
rtcGetDayOfMonth
rtcGetTimeVar
__vbaLbound
rtcCos
__vbaMidStmtVar
__vbaLdZeroAry
__vbaVarTextCmpGe
rtcVarFromVar
__vbaRsetFixstrFree
__vbaCyErrVar
PutMemNewObj
rtcSplit
rtcMIRR
__vbaCyAbs
__vbaR8IntI4
__vbaFreeObjList
__vbaCyMul
EbGetErrorInfo
__vbaOnError
GetMem1
__vbaVarCmpGt
__vbaVarTextTstGe
__vbaLsetFixstrFree
GetMem2
__vbaPutFxStr3
__vbaR4Sgn
rtcBstrFromAnsi
__vbaVarZero
__vbaVarTextLikeVar
__vbaAryRebase1Var
_CIlog
__vbaStrUI1
BASIC_CLASS_AddRef
EVENT_SINK_QueryInterface
Zombie_GetTypeInfoCount
rtDecFromVar
__vbaVarTextCmpNe
__vbaVarTextTstEq
__vbaCyForNext
TipUnloadProject
__vbaStrToUnicode
cryptnet
CryptUninstallCancelRetrieval
CryptCancelAsyncRetrieval
DllUnregisterServer
CryptRetrieveObjectByUrlA
I_CryptNetEnumUrlCacheEntry
DllRegisterServer
CryptRetrieveObjectByUrlW
CertDllVerifyRevocation
CryptGetTimeValidObject
I_CryptNetGetUserDsStoreUrl
LdapProvOpenStore
I_CryptNetGetHostNameFromUrl
CryptInstallCancelRetrieval
CertDllVerifyCTLUsage
CryptGetObjectUrl
CryptFlushTimeValidObject
Sections
.rsrc Size: 163KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 15.2MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 877KB - Virtual size: 877KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE