d583a09455a589af608dd14605680028_JaffaCakes118

General

Target

d583a09455a589af608dd14605680028_JaffaCakes118
Size

434KB
MD5

d583a09455a589af608dd14605680028
SHA1

9fd30d87b3834939e61aae4f0db0384b43f37599
SHA256

5067be80b05a552ddd9ca03d22b822855ffa56a7a28f0ba32d0ced57e9e12810
SHA512

af50a18f4a611fb64244df723fe56e77e7f57704d362abf9acfd262f7db2337392e8fe0c2ffdcdaa925f9e1cb063b337dd02c2b7dbd2733eb8f15e641b2ea781
SSDEEP

6144:WhS5A9ZBg61SOqFG4UWQLVjaZGF8zWMLl4oT37UGyi/WUX0zX+NDtff5uFXsUC3I:cS5AnBld4UWQLVOZGFDKL7LW+/ff5+Np

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinJect.exe
unpack001/bo_synapse_hack_v1.dll

Files

d583a09455a589af608dd14605680028_JaffaCakes118
.rar
WinJect.exe
.exe windows:4 windows x86 arch:x86

60c643fa59479b56bc3919f83937c4cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord520
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaFpUI1
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord536
ord537
ord644
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
ord616
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bo_synapse_hack_v1.dll
.dll windows:5 windows x86 arch:x86

7cab23277eb499c5e5eade980f22cb7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Игорь\Desktop\bo_hack9\Release\bo_hack.pdb

Imports

kernel32

DisableThreadLibraryCalls
AddVectoredExceptionHandler
CreateThread
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

msvcr100

_onexit
_except_handler4_common
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_vsnprintf
sprintf_s
_lock
memset

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60c643fa59479b56bc3919f83937c4cd

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 88KB - Virtual size: 85KB

.data Size: 440KB - Virtual size: 436KB

.rsrc Size: 8KB - Virtual size: 4KB

7cab23277eb499c5e5eade980f22cb7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr100

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 496B

.text
Size: 88KB - Virtual size: 85KB

.data
Size: 440KB - Virtual size: 436KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 496B