047557e6101c0ffef3167fbc2830cc37_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

047557e6101c0ffef3167fbc2830cc37_JaffaCakes118
Size

10KB
MD5

047557e6101c0ffef3167fbc2830cc37
SHA1

2c33a040125737c1768f80d24d2c20eb668bc639
SHA256

8b65ecbf8e468002337808f8472135208dee85a288f393915cd40fc697f2680e
SHA512

1f82646c6016ef491878a685932bc916f1f6bcee179f24c43aedde9e9b262aecb1647eb9f7342d94cc7542ba3e5bf9f9de6902dea9dbe4ac636a6798b3287521
SSDEEP

192:JjgzBkdQp0ysKXVN+ejKouKHX9DScSoh3JtUxsMseatQC/K3ivmL2efm7:hguQ35VNiKHXxScSohYunt3/K3ieL2eO

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BIT.exe
unpack001/VB程序太平洋.EXE

Files

047557e6101c0ffef3167fbc2830cc37_JaffaCakes118
.rar
BIT.exe
.exe windows:4 windows x86 arch:x86

8f62ed46918bfe5d9d25e9ce59d68fed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord595
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
ord100

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Form1.frm
Form1.frx
Projekt1.vbp
VB程序太平洋.EXE
.exe windows:4 windows x86 arch:x86

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
modMain.bas
.vbs
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

8f62ed46918bfe5d9d25e9ce59d68fed

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 4KB

.data Size: - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB