38a65cd4f293396a094824d71e59124b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38a65cd4f293396a094824d71e59124b_JaffaCakes118
Size

44KB
MD5

38a65cd4f293396a094824d71e59124b
SHA1

e84618d0c9ba0499de173aae3f7e636992de8f27
SHA256

d8886aa026808bb49844053be0dc030b24023f003fbab5f9b27f1faf3c7a98ec
SHA512

54c42d7bbeb96a50f5e64155b3bb087a9c0a6ea22c865e59d8e2d360bf63a226e9f29acc57150dab4a4ae446dac459539d222a99cb039af20f1d51bc8a0d3e03
SSDEEP

384:WMQAJBwb7vgkbxtFWDIJAf2Ll0p6+fgvo9xyQpkPwap91z1lUm78gDx0sKUB+eEt:WMQASbx60JAf2Ll0IoKRhe6jk2bM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38a65cd4f293396a094824d71e59124b_JaffaCakes118

Files

38a65cd4f293396a094824d71e59124b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7f0cd6938da1637ed43c9e960a1a1efc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA

kernel32

RtlMoveMemory
LoadLibraryA
FreeLibrary
GetVersionExA
GetProcAddress

olepro32

OleTranslateColor

gdi32

SelectObject
GetObjectA
CreateBitmap
CreatePen
MoveToEx
GetNearestPaletteIndex
DeleteDC
SetBitmapBits
CreatePatternBrush
CreateHatchBrush
GetStockObject
CreateRoundRectRgn
SetPixelV
CreateSolidBrush
FillRgn
CreateCompatibleDC
CreateBitmapIndirect
Ellipse
Polygon
GetCurrentObject
SelectPalette
GetPixel
LineTo
RealizePalette
GetROP2
StretchBlt
SetROP2
GetTextColor
ExtFloodFill
SetTextColor
GetPaletteEntries
GetBitmapBits
CreateRectRgn
PatBlt
GetBkMode
GetBkColor
CreateHalftonePalette
TextOutA
RoundRect
DeleteObject
CreateCompatibleBitmap
GetTextExtentPoint32A
CreateFontA
SetBkMode
SetBkColor
BitBlt

user32

DrawFrameControl
GetDesktopWindow
ScreenToClient
FillRect
DrawTextExA
DrawStateA
PtInRect
GetSysColor
DrawTextA
ReleaseDC
DrawFocusRect
GetDC
GetSystemMetrics
DrawEdge
SetRect
GetCursorPos

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarSub
__vbaStrI2
ord583
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaHresultCheck
__vbaVarVargNofree
__vbaFpCDblR4
__vbaFreeVar
__vbaLenBstr
ord588
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
ord558
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord591
__vbaVarIndexLoadRefLock
__vbaLateMemSt
__vbaForEachCollObj
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
__vbaBoolVar
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
__vbaNextEachCollObj
__vbaChkstk
__vbaCyVar
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord563
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
ord605
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaVarDiv
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaI2Var
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaAryLock
__vbaLateMemCall
ord320
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
ord321
ord614
__vbaFpI2
__vbaUnkVar
ord616
__vbaFpI4
__vbaR8IntI2
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaForEachVar
__vbaI4Cy
__vbaR8IntI4
ord650
_allmul
__vbaLateIdSt
__vbaFpCSngR4
_CItan
ord546
__vbaNextEachCollAd
__vbaAryUnlock
__vbaFPInt
__vbaFpCSngR8
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Oreloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.neolit
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f0cd6938da1637ed43c9e960a1a1efc

Headers

File Characteristics

Imports

shell32

kernel32

olepro32

gdi32

user32

msvbvm60

Exports

Exports

Sections

.text Size: 388KB - Virtual size: 388KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 20KB - Virtual size: 19KB

Oreloc Size: 44KB - Virtual size: 44KB

.neolit Size: 12KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 220B

.text
Size: 388KB - Virtual size: 388KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 19KB

Oreloc
Size: 44KB - Virtual size: 44KB

.neolit
Size: 12KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 220B