Overview
overview
3Static
static
32006921111...nt.vbs
windows7-x64
12006921111...nt.vbs
windows10-2004-x64
12006921111...ta.exe
windows7-x64
12006921111...ta.exe
windows10-2004-x64
12006921111...��.url
windows7-x64
12006921111...��.url
windows10-2004-x64
12006921111...��.url
windows7-x64
12006921111...��.url
windows10-2004-x64
12006921111...��.url
windows7-x64
12006921111...��.url
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
200692111116907/VistaForm/mPoint.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
200692111116907/VistaForm/mPoint.vbs
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
200692111116907/VistaForm/vista.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
200692111116907/VistaForm/vista.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
200692111116907/VistaForm/免费『商业源码』.url
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
200692111116907/VistaForm/免费『商业源码』.url
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
200692111116907/免费『商业源码』.url
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
200692111116907/免费『商业源码』.url
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
200692111116907/新云软件.url
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
200692111116907/新云软件.url
Resource
win10v2004-20240226-en
General
-
Target
ecae3ece307da07df39d434f10ad880a_JaffaCakes118
-
Size
73KB
-
MD5
ecae3ece307da07df39d434f10ad880a
-
SHA1
a98b11d915991615cd6390e1dc512f46f3f8ec44
-
SHA256
0d5bfbb63e5d0528012fabcc34017d4c30e154b97cd163f685819e79ef6f734d
-
SHA512
bcbf915f69f2a37386fcec7df39a7f3f0c563bcc27488fc713ed981e45b888e51fbf8aa18034de0a0302307ac323aed20d2375b7d6eb0bf53a7323f95ec22d58
-
SSDEEP
1536:QDIVjj4wHxCvGCdS26lEcgGem1YJrN96U5QmAswmL/AXkBHrw571AQ:gIVjff1ZlDuDL5AswMIIu7b
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/200692111116907/VistaForm/vista.exe
Files
-
ecae3ece307da07df39d434f10ad880a_JaffaCakes118.rar
-
200692111116907/VistaForm/Form1.frm
-
200692111116907/VistaForm/Form1.frx
-
200692111116907/VistaForm/MSSCCPRJ.SCC
-
200692111116907/VistaForm/VistaForm.GIF
-
200692111116907/VistaForm/VistaForm.RES
-
200692111116907/VistaForm/frmBox.frm
-
200692111116907/VistaForm/frmBox.frx
-
200692111116907/VistaForm/mPoint.bas.vbs
-
200692111116907/VistaForm/vista.exe.exe windows:4 windows x86 arch:x86
5c63d6426604849d1f5a912600914404
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaForEachCollObj
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
_CIsin
__vbaNextEachCollObj
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
Sections
.text Size: 532KB - Virtual size: 529KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
200692111116907/VistaForm/免费『商业源码』.url
-
200692111116907/VistaForm/工程1.vbp
-
200692111116907/VistaForm/工程1.vbw
-
200692111116907/下载说明.htm.html .js polyglot
-
200692111116907/免费『商业源码』.url
-
200692111116907/新云软件.url.url