3b6e5e96866be73dbdc057e0fdb22082_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b6e5e96866be73dbdc057e0fdb22082_JaffaCakes118
Size

95KB
MD5

3b6e5e96866be73dbdc057e0fdb22082
SHA1

79c59f39731d5ef67691602397f69b0923351d21
SHA256

65bdb0b3df00bdd0cce1f03794ff441d2e07c48638a65a836e0447b18faf3533
SHA512

9270d357feca5837af6977d78822debf2efe76e5c5e36878a4cea8ddfe3c3e5bb0d9e0cc499493abe63f1052c81df228686130dc85a97be1364b839749edcb1f
SSDEEP

1536:8lUtF6GQoCL/UG/uLTAAxIKYdmA9zA6v+KY33FSHbxCjnHdKzMh:Sq6FoCLPWLTreKA9A6vDKKMjnIzMh

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Chet Sucks/Chet Sucks/Chet Sucks.exe
unpack001/Chet Sucks/Chet Sucks/YMSG12ENCRYPT.dll

Files

3b6e5e96866be73dbdc057e0fdb22082_JaffaCakes118
.rar
Chet Sucks/Chet Sucks/0.jpg
.jpg
Chet Sucks/Chet Sucks/Bots.txt
Chet Sucks/Chet Sucks/Chet Sucks.exe
.exe windows:4 windows x86 arch:x86

0ea7b85b3786830cfea092c1b0f0e4f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaVarTstLt
__vbaRefVarAry
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
__vbaLbound
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaInputFile
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord534
ord535
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaR8Str
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
__vbaVarDup
ord616
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Chet Sucks/Chet Sucks/ReadMe.txt
Chet Sucks/Chet Sucks/YMSG12ENCRYPT.dll
.dll windows:4 windows x86 arch:x86

9303931c10e4e8aa3ef2a5da865769c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord4486
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord6375
ord3830
ord4274
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
malloc
strchr
isalpha
isdigit
sprintf
realloc
strncmp
strcspn
strncpy
free

kernel32

LocalFree
LocalAlloc

Exports

Exports

YMSG12_ScriptedMind_Encrypt

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ea7b85b3786830cfea092c1b0f0e4f3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 64KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

9303931c10e4e8aa3ef2a5da865769c6

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 60KB - Virtual size: 61KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 822B

.text
Size: 64KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 60KB - Virtual size: 61KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 822B