6306779520c43f104a663ed74cb6bc15_JaffaCakes118

General

Target

6306779520c43f104a663ed74cb6bc15_JaffaCakes118
Size

19KB
MD5

6306779520c43f104a663ed74cb6bc15
SHA1

487fdaf3b833f5af2bcabbf8b282f88acff094b1
SHA256

7843461aeda990420436d87fd6efaca3e74b7e377eaec6ea03dcaea1203675bf
SHA512

1a885e9a4c504425e0371c29debe19fce5ca5de2f20ec7e8ceda7a192ba04ffbb4ea27e35f45ddd9ba0ebabb7f25d94761211210788ffe8b4a4e8e75dd1a5027
SSDEEP

384:2Olh6KnMDiv7bDO/sm3raCZfsw71tTiW8+7Nle7KKKtBUwHolfkFu3oN9KCApdU:2OlPnMDKbDObRfsw7HL8+7NcktB9Hu81

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hook.dll
unpack001/格盘拦截.exe

Files

6306779520c43f104a663ed74cb6bc15_JaffaCakes118
.rar
hook.dll
.dll windows:1 windows x86 arch:x86

9cf87bae2ba09e1909818f35b26fb9ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
ExitProcess
GetCommandLineA
GetCurrentProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetVersionExA
GlobalAlloc
GlobalFree
LoadLibraryA
MultiByteToWideChar
ReadFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile
WriteProcessMemory
RtlMoveMemory

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize
ProgIDFromCLSID

oleaut32

GetActiveObject
SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CreateDialogParamA
CreateWindowExA
MessageBoxA
CallNextHookEx
DialogBoxParamA
SetWindowsHookExA
UnhookWindowsHookEx

Exports

Exports

InstallHook
UnHook

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
格盘拦截.exe
.exe windows:4 windows x86 arch:x86

745a8aa756f4df4aa041f32466b31bcf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
河源下载站-Xz7.com.url
.url

Sharing

General

Malware Config

Signatures

Files

9cf87bae2ba09e1909818f35b26fb9ea

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 4KB

.link Size: 1KB - Virtual size: 1KB

.rloc Size: 512B - Virtual size: 252B

745a8aa756f4df4aa041f32466b31bcf

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 88KB - Virtual size: 85KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 4KB

.link
Size: 1KB - Virtual size: 1KB

.rloc
Size: 512B - Virtual size: 252B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 88KB - Virtual size: 85KB