286cec795f7bb2a6f6c920f663ccefa6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

286cec795f7bb2a6f6c920f663ccefa6_JaffaCakes118
Size

2.1MB
MD5

286cec795f7bb2a6f6c920f663ccefa6
SHA1

87c33b8e26208637911682485bafdb32ec4f1930
SHA256

887f01613bfb82436b356df4b15f706d4bb9f2f94d71e49ce2924b13587f9ff8
SHA512

942672b6093f335d7757beddcc0ca08fdd46e32d135410cb3dfce7bd2a16f19f387a00361779e2b9216f969ef3c15840df4a6560954348f4e86bbb70509a8183
SSDEEP

49152:P31h8N4N/Q7X9foL2i9KmJpyds46YTQROGF/55ArZFTcCEdXII+OwNy:Pn8N4N47BTi8Xn8ROGF/55Arb4CEdXKk

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Enviar spam a correos.exe
unpack001/Hack Face.exe
unpack001/Hack.exe
unpack001/Hackear Hotmail.exe
unpack001/Spy.exe

Files

286cec795f7bb2a6f6c920f663ccefa6_JaffaCakes118
.rar
Enviar spam a correos.exe
.exe windows:4 windows x86 arch:x86

cca30a22fe16e048afa4d53496be332a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
ord516
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarForInit
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaErase
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
Zombie_GetTypeInfoCount
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord606
ord713
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord644
_CIlog
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaVarMod
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hack Face.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2304.1MB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hack.exe
.exe windows:4 windows x86 arch:x86

74d7359d3a269ee0a80fe9129da02e77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGet3
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord606
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaUbound
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
_CIatan
__vbaAryCopy
__vbaStrMove
_allmul
_CItan
__vbaUI1Var
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hackear Hotmail.exe
.exe windows:4 windows x86 arch:x86

cca30a22fe16e048afa4d53496be332a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
ord516
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarForInit
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaErase
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
Zombie_GetTypeInfoCount
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord606
ord713
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord644
_CIlog
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaVarMod
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Spy.exe
.exe windows:4 windows x86 arch:x86

0d82df192fd17966cc7c33519ef15012

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord588
MethCallEngine
ord516
ord518
ord519
ord553
ord660
ord558
ord667
ord300
ord595
ord598
ord306
ord520
ord709
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
DllFunctionCall
ord563
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord713
ord606
ord607
ord608
ord531
ord717
ProcCallEngine
ord537
ord644
ord645
ord570
ord648
ord572
ord573
ord681
ord576
ord578
ord685
ord100
ord610
ord612
ord616
ord617
ord618
ord619
ord651
ord545
ord546
ord580
ord581

Sections

.text
Size: 876KB - Virtual size: 874KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cca30a22fe16e048afa4d53496be332a

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 348KB - Virtual size: 344KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 10KB

Headers

File Characteristics

Sections

.text Size: 2304.1MB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 856B

.rsrc Size: 68KB - Virtual size: 66KB

74d7359d3a269ee0a80fe9129da02e77

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 64KB - Virtual size: 62KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 68KB - Virtual size: 66KB

cca30a22fe16e048afa4d53496be332a

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 348KB - Virtual size: 344KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 10KB

0d82df192fd17966cc7c33519ef15012

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 876KB - Virtual size: 874KB

.data Size: - Virtual size: 108KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 348KB - Virtual size: 344KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 2304.1MB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 856B

.rsrc
Size: 68KB - Virtual size: 66KB

.text
Size: 64KB - Virtual size: 62KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 68KB - Virtual size: 66KB

.text
Size: 348KB - Virtual size: 344KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 876KB - Virtual size: 874KB

.data
Size: - Virtual size: 108KB

.rsrc
Size: 8KB - Virtual size: 4KB