bb30e803849068c644c9d90c475b63b9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bb30e803849068c644c9d90c475b63b9_JaffaCakes118
Size

1.2MB
MD5

bb30e803849068c644c9d90c475b63b9
SHA1

02a176ab43a351b9ba2dc19cd7eb3b5522a0881f
SHA256

99e10e5b9cb36d1c54816ef6ce4359663b47c110a194d3498f23deb53916ca0d
SHA512

975a4acba9dd7a9be484081c2b628d537ef0ff5020ac8607629ebf81733fb22149e1d757a9b2f7ed01b11f41884b4998516afd839224966e99b831ce39f0ba0f
SSDEEP

24576:x2iFgTlNy7voh3LWS3+4PZu8te4XNUTAkssZEgY7PkZ7yzVXL9LtnWU:x2iGTlNy8RLZ/PZ9tyUQZiPkZmzNLnnz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Install.exe
unpack001/xFire.exe

Files

bb30e803849068c644c9d90c475b63b9_JaffaCakes118
.cab
Install.exe
.exe windows:5 windows x86 arch:x86

94532561ec2c75d652c09b3666499bfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetModuleFileNameW
CreateFileW
GetProcAddress
CloseHandle
GetWindowsDirectoryW
DeleteFileW
LocalFree
lstrcpyW
GetLastError
HeapFree
HeapAlloc
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
GetSystemDirectoryW
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleHandleW
CreateDirectoryW
LoadResource
FreeLibrary
TlsAlloc
FindResourceW

user32

SendMessageW
FindWindowW

shlwapi

StrCpyW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW

advapi32

AllocateAndInitializeSid
SetSecurityInfo
SetEntriesInAclW
FreeSid
GetSecurityInfo

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xFire.exe
.exe windows:4 windows x86 arch:x86

f0e47edc30292d89ab0e5885a1d11414

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
ord661
__vbaSetSystemError
__vbaHresultCheckObj
__vbaNameFile
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaForEachCollObj
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
ord525
__vbaNextEachCollObj
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaPutOwner3
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaFixstrConstruct
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
ord648
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarLateMemCallLd
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
_allmul
ord652
_CItan
ord546
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 432KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94532561ec2c75d652c09b3666499bfd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 3KB

f0e47edc30292d89ab0e5885a1d11414

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 432KB - Virtual size: 430KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 93KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 432KB - Virtual size: 430KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 93KB