e821b6a7461128c27ec97187762181a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e821b6a7461128c27ec97187762181a7_JaffaCakes118
Size

264KB
MD5

e821b6a7461128c27ec97187762181a7
SHA1

fbc4719bda7a870500a7abb9e525485354c51c86
SHA256

35e53e881f0eaf0bd0690d8f382e621e94a4dddb4dcff8af7ba4b334586a05c7
SHA512

25ba97e7596e91902591830a81dd06d29a103ff56efb506ce81033f097052638d4e288000c5f70133a061d76c769e00d50075732bcc5a892a7b73d5505cb4a22
SSDEEP

6144:9Ovi6aDRcBrvNmSF8zdpDNWLNihu9bkA6Cw4hFqVvXg7llm:UiHDkrvDF8PDJMXTFqVY7/m

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2006111519296414/VsNetMenu.ocx
unpack001/2006111519296414/zpzPrint.dll

Files

e821b6a7461128c27ec97187762181a7_JaffaCakes118
.rar
2006111519296414/65.nps1
2006111519296414/CaiW.vbp
2006111519296414/CaiW.vbw
2006111519296414/MDIForm1.frm
2006111519296414/VsNetMenu.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

644c625dbe727aed8203259448f73750

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

msvbvm60

EVENT_SINK_GetIDsOfNames

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

pec1
Size: 72KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec3
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2006111519296414/bas/CMoney.bas
.vbs
2006111519296414/bas/drp_JinZhd.DCA
2006111519296414/bas/drp_JinZhd.Dsr
2006111519296414/bas/drp_JinZhd.dsx
2006111519296414/bas/drp_ZhiP.DCA
2006111519296414/bas/drp_ZhiP.Dsr
2006111519296414/bas/mdlDaX.bas
.vbs
2006111519296414/bas/mdlMain.bas
2006111519296414/bas/modPublic.bas
.vbs
2006111519296414/bas/免费『商业源码』.url
2006111519296414/data/data.mdb
2006111519296414/frm/MDIForm1.frm
.vbs
2006111519296414/frm/MDIForm1.frx
2006111519296414/frm/frmE_JinZhD.frm
.vbs
2006111519296414/frm/frmE_JinZhD.frx
2006111519296414/frm/frmE_MZhiP.frm
.vbs
2006111519296414/frm/frmL_JinZhD.frm
.vbs
2006111519296414/frm/frmL_JinZhD.frx
2006111519296414/frm/frmL_ZhiP.frm
.vbs
2006111519296414/frm/frmL_ZhiP.frx
2006111519296414/frm/frm_JinZhD.frm
.vbs
2006111519296414/frm/frm_JinZhD.frx
2006111519296414/frm/frm_MZhiP.frm
.vbs
2006111519296414/frm/frm_MZhiP.frx
2006111519296414/i.nps
2006111519296414/zpzPrint.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b6553a50c841f0fbd8b94011145f0d5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
__vbaVargParmRef
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLateIdCall
ord588
__vbaStrVarMove
__vbaAptOffset
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
ord553
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord666
__vbaVarCmpGe
__vbaAryDestruct
__vbaLateMemSt
__vbaBoolStr
__vbaStrBool
__vbaForEachCollObj
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
ord599
ord520
__vbaStrFixstr
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
ord631
ord632
__vbaLateMemStAd
__vbaVarZero
__vbaVarCmpGt
__vbaNextEachCollObj
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
ord560
__vbaR4Str
__vbaPrintObj
__vbaObjVar
__vbaI2I4
ord561
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord712
ord713
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord607
__vbaI2Str
ord608
ord716
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaRecDestructAnsi
ord617
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
ord618
__vbaCastObj
__vbaStrMove
ord542
ord650
_allmul
__vbaLateIdSt
ord545
__vbaLateMemCallSt
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2006111519296414/下载说明.htm
.html .js polyglot
2006111519296414/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

644c625dbe727aed8203259448f73750

Headers

File Characteristics

Imports

kernel32

msvbvm60

Exports

Exports

Sections

pec1 Size: 72KB - Virtual size: 264KB

.rsrc Size: 41KB - Virtual size: 44KB

pec2 Size: 2KB - Virtual size: 16KB

pec3 Size: 512B - Virtual size: 4KB

.pec Size: 1KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 4KB

b6553a50c841f0fbd8b94011145f0d5d

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 408KB - Virtual size: 404KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 32KB - Virtual size: 29KB

pec1
Size: 72KB - Virtual size: 264KB

.rsrc
Size: 41KB - Virtual size: 44KB

pec2
Size: 2KB - Virtual size: 16KB

pec3
Size: 512B - Virtual size: 4KB

.pec
Size: 1KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 408KB - Virtual size: 404KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 32KB - Virtual size: 29KB