6d8e25a9ee986a43bd3eaf3249356191_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6d8e25a9ee986a43bd3eaf3249356191_JaffaCakes118
Size

159KB
MD5

6d8e25a9ee986a43bd3eaf3249356191
SHA1

02b9febd3708dd00512f206dc25dcc434a85346b
SHA256

0ddff23421797acfdf153c72083c68c28b7d12cfbc691af6e937466fd3a1355a
SHA512

063c4ee0dbd221f9ebe21b15c019c9c5c8e02f0408cc727fe0bfe9420837ce601341a059c8d5789b5492f50dd4c14f6928b8caa465d92ebf65a48d975c0c2b8d
SSDEEP

3072:jqLRRMgpb8bwDMIyXR7MNSUg7CpK8PM4IeevWOT+xlt2pv/Coces0br:j8RakbBDe/DK44IHRT8t2Y3e

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zpjsgj/zpjsgj/Frecalc.exe
unpack001/zpjsgj/zpjsgj/comdlg32.dll

Files

6d8e25a9ee986a43bd3eaf3249356191_JaffaCakes118
.zip
zpjsgj/zpjsgj/Frecalc.exe
.exe windows:4 windows x86 arch:x86

7913e7411f1a74e53fc340e1bc1b3d3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaStrCat
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaRefVarAry
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord524
ord709
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
ord713
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord647
__vbaInStr
__vbaNew2
__vbaR8Str
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaFpI4
__vbaVarCopy
ord617
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
__vbaR8IntI4
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zpjsgj/zpjsgj/comdlg32.dll
.dll windows:5 windows x86 arch:x86

59c82ff601c39f53d273ded3cfbb23b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

comdlg32.pdb

Imports

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryValueW

comctl32

ord16
ord412
ord413
ord410
PropertySheetW
CreatePropertySheetPageW
ord401
ord386
ord339
ord335
ord156
ord167
ord400
ord169
ord152
ord341
ord403
InitCommonControlsEx
ImageList_GetIconSize
ord338
ImageList_Destroy
ord334
ord329
ord328
ImageList_Draw
CreateToolbarEx

gdi32

Rectangle
CreateSolidBrush
DeleteObject
GetStockObject
CreatePen
GetNearestColor
DeleteDC
CreateCompatibleDC
RealizePalette
SelectPalette
PatBlt
BitBlt
LineTo
MoveToEx
CreateCompatibleBitmap
CreateDIBitmap
CreateDiscardableBitmap
GetObjectW
GetTextMetricsW
ExtTextOutW
SetBkMode
SetTextColor
SetBkColor
GetTextExtentPointW
EnumFontFamiliesExW
GetDeviceCaps
GetTextCharset
TextOutW
GetTextCharsetInfo
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetWindowExtEx
GetViewportExtEx
GetMapMode
TranslateCharsetInfo
CreateFontIndirectW
ExcludeClipRect
CreateDCW
CreateICW
CreateFontW
CreateRectRgnIndirect
GetCharWidth32W
SelectObject
SelectClipRgn

kernel32

FindResourceA
GetACP
GetProcAddress
GetModuleHandleW
MulDiv
lstrcpynW
lstrcmpW
GlobalFree
GlobalAlloc
lstrcpyW
lstrcpyA
DeleteCriticalSection
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
DeleteFileW
GetTempFileNameW
GetProfileStringW
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalReAlloc
FreeLibrary
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
SetErrorMode
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
GetSystemDefaultUILanguage
FindResourceExW
ExpandEnvironmentStringsW
FreeResource
LoadResource
LockResource
SetCurrentDirectoryW
CreateEventW
GetModuleFileNameW
LoadLibraryW
CreateThread
WaitForSingleObject
ResetEvent
FreeLibraryAndExitThread
LocalReAlloc
GetFullPathNameW
GetFileAttributesW
GetProcessVersion
GetVolumeInformationW
GetUserDefaultLCID
TlsSetValue
FormatMessageW
FindFirstFileW
FindNextFileW
FindClose
LocalSize
WideCharToMultiByte
CloseHandle
GetVersionExA
InterlockedExchange
GetModuleHandleA
DelayLoadFailureHook
FindResourceW
LocalFree
MultiByteToWideChar
lstrlenA
LocalAlloc
SetLastError
TlsGetValue
lstrlenW
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetShortPathNameW
GetCurrentDirectoryW
CreateFileW
lstrcmpiW
GetDriveTypeW
SetEvent
GetCurrentThreadId

ntdll

RtlUnwind
_wcsicmp
wcslen
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeToMultiByteSize
RtlInitUnicodeStringEx
RtlIsNameLegalDOS8Dot3
_chkstk
_vsnwprintf
memmove
NtQueryVirtualMemory

shell32

SHAddToRecentDocs
ord17
ord25
SHBindToParent
ord155
ord18
SHGetPathFromIDListW
ord102
ord644
ord645
ord21
ord2
ord16
ord71
ord89
ord4
ord195
SHGetDesktopFolder
SHGetMalloc
ord100
SheChangeDirExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHCreateShellItem
ord152
ord148
ord68
ord77
ord19
ord153
ord24
SHGetFolderLocation
ord190
ord173
ord42
ord654
ord714
ord96
ord755
ord95
ord28

shlwapi

PathAddBackslashW
ord437
ord476
ord80
StrCmpW
ord16
ord355
PathIsUNCW
UrlIsW
PathFindExtensionW
ord197
SHRegGetValueW
PathFileExistsW
ord204
StrDupW
ord317
ord172
StrStrW
PathCombineW
PathMatchSpecW
PathGetDriveNumberW
SHOpenRegStream2W
ord219
ord346
StrCmpIW
ord461
StrRetToBufW
ord175
PathFindFileNameW
ord266
SHRegGetBoolUSValueW
StrCmpNIW
wvnsprintfW
PathRemoveBlanksW
PathIsRootW
wnsprintfW
StrRChrW
ord217
ord215
PathSkipRootW
StrChrW

user32

DialogBoxIndirectParamW
CharPrevW
KillTimer
GetWindowTextLengthW
CreateDialogIndirectParamA
SetTimer
IsWindowVisible
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
CreatePopupMenu
DestroyMenu
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
PeekMessageW
EnumChildWindows
GetDlgCtrlID
SetWindowsHookExW
LoadAcceleratorsW
UnhookWindowsHookEx
CreateDialogIndirectParamW
GetSystemMenu
DeleteMenu
SetParent
CallNextHookEx
LockWindowUpdate
GetWindow
GetLastActivePopup
FindWindowExW
RedrawWindow
DrawTextW
DrawIcon
GetWindowPlacement
SetWindowPlacement
GetKeyState
LoadIconW
LoadImageW
RegisterClipboardFormatW
GetKeyboardLayout
DestroyWindow
GetDlgItemTextA
SetDlgItemTextA
CheckRadioButton
IsWindow
RegisterWindowMessageA
RegisterWindowMessageW
MessageBeep
IsDlgButtonChecked
CheckDlgButton
SetWindowTextW
DlgDirListW
SetDlgItemTextW
GetWindowTextW
MessageBoxW
PostMessageW
CharNextW
DefWindowProcW
GrayStringW
CharLowerW
GetDialogBaseUnits
ScreenToClient
CreateWindowExW
GetWindowLongA
LoadStringW
GetSystemMetrics
ShowCursor
LoadCursorW
SetCursor
IntersectRect
EqualRect
GetSysColorBrush
InvalidateRect
IsWindowEnabled
WinHelpW
BeginPaint
EndPaint
SetPropW
PtInRect
SetCapture
ClipCursor
ValidateRect
ChildWindowFromPoint
DialogBoxIndirectParamAorW
CreateDialogIndirectParamAorW
CharNextA
GetWindowLongW
FrameRect
GetSysColor
CopyRect
ReleaseDC
DrawFocusRect
InflateRect
GetDC
GetFocus
MapWindowPoints
GetClientRect
GetDlgItem
CallWindowProcW
SetFocus
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextW
RemovePropW
EndDialog
UpdateWindow
SendDlgItemMessageW
SetWindowPos
EnableWindow
ShowWindow
MoveWindow
SetWindowLongW
GetWindowRect
DrawEdge
FillRect
GetParent
SendMessageW
GetPropW
TranslateAcceleratorW

Exports

Exports

ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
LoadAlterBitmap
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
Ssync_ANSI_UNICODE_Struct_For_WOW
WantArrows
dwLBSubclass
dwOKSubclass

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zpjsgj/ʹǰؿ.txt
zpjsgj/.url

Sharing

General

Malware Config

Signatures

Files

7913e7411f1a74e53fc340e1bc1b3d3b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 16KB - Virtual size: 13KB

59c82ff601c39f53d273ded3cfbb23b0

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

gdi32

kernel32

ntdll

shell32

shlwapi

user32

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 191KB

.data Size: 3KB - Virtual size: 13KB

.rsrc Size: 57KB - Virtual size: 57KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 16KB - Virtual size: 13KB

.text
Size: 192KB - Virtual size: 191KB

.data
Size: 3KB - Virtual size: 13KB

.rsrc
Size: 57KB - Virtual size: 57KB

.reloc
Size: 9KB - Virtual size: 9KB