1c55ac4bac3e12e42398bf4b4a15be84_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1c55ac4bac3e12e42398bf4b4a15be84_JaffaCakes118
Size

166KB
MD5

1c55ac4bac3e12e42398bf4b4a15be84
SHA1

b9b8d291f18f59528e35ddf219f8ac87cae0deea
SHA256

544e493fdb2c917c71a5ce74f80b231b2997b5252f843ac8eae9123b8799d780
SHA512

4101cbf63e0830756ad6c76c04bd8022f5bde8f41982a7c0e47dca767826b2c67791e8d0b570b7baeac52852bc9da31835af8363d6e872c48bd780c0e8b23513
SSDEEP

3072:Gymqv+8ys9QVkom/qvPAviw8Ny7nI1O2Asyt4rctuACn0akDthScm:GRq9QVdmz2N2I1Ovt4rqnDTSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Xplayer.ocx
unpack001/playerX.exe

Files

1c55ac4bac3e12e42398bf4b4a15be84_JaffaCakes118
.rar
Class1.cls
.vbs
Form1.frm
.vbs
Form1.frx
GoldButton.ctl
.vbs
GoldButton.ctx
MSSCCPRJ.SCC
ModMain.bas
.vbs
ModMixerAPI.bas
ModuleMultimedia.bas
.vbs
Mp3HeaderTag.bas
.vbs
Player.frm
.vbs
Player.frx
Player.log
Progybar.ctl
.vbs
Progybar.ctx
Xplayer.ctl
.vbs
Xplayer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

6836a2f7f593c1b6e1b93c6073effe7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaGosubReturn
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
__vbaVarIndexStore
__vbaRaiseEvent
__vbaFreeObjList
__vbaGetFxStr4
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarPow
__vbaExitProc
__vbaVarForInit
ord593
ord300
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaStrFixstr
__vbaBoolVar
ord522
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
ord631
ord524
ord632
__vbaChkstk
__vbaFileClose
__vbaGosubFree
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaAryConstruct2
__vbaGet4
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
ord601
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaLsetFixstrFree
__vbaI2Var
__vbaFileSeek
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaVarLateMemCallLdRf
__vbaInStr
__vbaR8Str
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
__vbaVarCopy
ord616
__vbaFpI4
ord617
_CIatan
ord618
__vbaStrMove
__vbaStrVarCopy
__vbaPutFxStr3
__vbaR8IntI4
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xplayer.vbp
Xplayer.vbw
about.txt
frmabout.frm
frmabout.frx
frmfullscreen.frm
frmfullscreen.frx
frmhelp.frm
frmhelp.frx
misc.bas
playerX.exe
.exe windows:4 windows x86 arch:x86

9a0df159e1d89cce9ff2b2bdb3fe6eca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
ord588
__vbaGosubReturn
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
__vbaVarIndexStore
__vbaRaiseEvent
__vbaFreeObjList
__vbaGetFxStr4
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarPow
__vbaExitProc
__vbaVarForInit
ord593
ord300
__vbaI4Abs
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaStrFixstr
__vbaBoolVar
ord522
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
ord631
ord524
ord632
__vbaChkstk
__vbaFileClose
__vbaGosubFree
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaAryConstruct2
__vbaGet4
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
ord601
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaLsetFixstrFree
__vbaI2Var
__vbaFileSeek
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaVarLateMemCallLdRf
__vbaInStr
__vbaR8Str
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
__vbaVarCopy
ord616
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
ord618
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
__vbaPutFxStr3
__vbaR8IntI4
ord619
_allmul
__vbaLateIdSt
ord652
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

6836a2f7f593c1b6e1b93c6073effe7c

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 176KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 16KB - Virtual size: 14KB

9a0df159e1d89cce9ff2b2bdb3fe6eca

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 284KB - Virtual size: 283KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 180KB - Virtual size: 176KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 16KB - Virtual size: 14KB

.text
Size: 284KB - Virtual size: 283KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB