343efe67652f11ea8354df206620338a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

343efe67652f11ea8354df206620338a_JaffaCakes118
Size

5.0MB
MD5

343efe67652f11ea8354df206620338a
SHA1

5e8562c7bb8769ba14ff3c4a9f687f89a6d886aa
SHA256

b2fb83f2aacf3c416b9e83b8fddab303339677673a16f31432f627787f30b2a1
SHA512

ea089030c7423385bea93aaac19a689532fb867a41f491d508f4f53263b7c0311eae0fffb413513815ffe387e44c93fbbf4b81312e3fb931cdfd07e0555b8f8d
SSDEEP

98304:Us0EkNqtJWWFMZ+XWL5reLAWy5kxAq1QeJ14aQgc0qtcRsi:UAk+JnSEusA4Aq71dc0qSRN

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Acad2Earth.exe
unpack001/XPCMD.OCX

Files

343efe67652f11ea8354df206620338a_JaffaCakes118
.rar
Acad2Earth.chm
.chm
Acad2Earth.exe
.exe windows:4 windows x86 arch:x86

3c3ee0b961c25a434f7ead04ae8d8ee8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
ord582
__vbaVarTstGt
ord583
__vbaStrI2
ord584
_CIcos
_adj_fptan
__vbaVarMove
ord585
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
ord588
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaVarIndexStore
__vbaFreeObjList
__vbaLineInputVar
_adj_fprem1
ord626
__vbaStrCat
__vbaForEachCollAd
__vbaVarCmpNe
ord660
__vbaSetSystemError
__vbaHresultCheckObj
ord662
ord665
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaVarPow
ord593
__vbaExitProc
__vbaBoolStr
ord594
__vbaFileCloseAll
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
ord597
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaFpR4
ord520
__vbaFPFix
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaErase
ord632
__vbaVargVarMove
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarAbs
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord714
__vbaI2Str
ord608
ord716
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaVarInt
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI2
ord614
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaVarTstGe
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord619
__vbaR8IntI4
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaNextEachCollAd
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Acad2Earth.ini
XPCMD.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

5baf35045653b3d8cdb25bbbe9112b48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaFpI2
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comdlg32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

19/03/1999, 00:00

Not After

16/04/2000, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
大随示例/acaddoc.lsp
大随示例/pmx-gzw-v16.dwl
大随示例/pmx-gzw-v16.dwl2
.xml
大随示例/大随高速.dwg
大随示例/大随高速.kml
.xml
大随示例/经纬度修正.TXT
大随示例/经纬度修正_计算结果.txt

Sharing

General

Malware Config

Signatures

Files

3c3ee0b961c25a434f7ead04ae8d8ee8

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 252KB - Virtual size: 248KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

5baf35045653b3d8cdb25bbbe9112b48

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

988f29c1eb8054253091352741683c76

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 252KB - Virtual size: 248KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 5KB - Virtual size: 5KB