23433d4fe5e4de7d11d4b5a485448c92_JaffaCakes118

General

Target

23433d4fe5e4de7d11d4b5a485448c92_JaffaCakes118
Size

98KB
MD5

23433d4fe5e4de7d11d4b5a485448c92
SHA1

a9ba5a1ed6e93ef9d186439c9dfe9ffafc52bf96
SHA256

735c03726dd53209aad6fbbede647c907aaf06f872ad9241dbb2494d749ec4a1
SHA512

37ea2f787d814a1315e68ec649199529a5ee7c67d9d2c4df70043ffc2e6395aa7f70e36d1c56641bd83105bd5d2b355b96b814a9aef648a5b8db0340b416d54f
SSDEEP

3072:/w8zBr2ju+P0DkDxAkGq5GlxVC/IfnB4dNyeH:/1Nr0JPd+C5b/KWNX

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hooyasoft自动锁机工具/Hooyasoft自动锁机工具.exe
unpack001/Hooyasoft自动锁机工具/SysTray.ocx

Files

23433d4fe5e4de7d11d4b5a485448c92_JaffaCakes118
.rar
Hooyasoft自动锁机工具/Hooyasoft自动锁机工具.exe
.exe windows:4 windows x86 arch:x86

35bfd201ee6c851ca30a436842594f17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord667
__vbaStrBool
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord716
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord689
__vbaLateMemCall
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hooyasoft自动锁机工具/SysTray.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

f10b624b8f63cedfe03d213ef5fd9b58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
__vbaI2Var
ord644
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hooyasoft自动锁机工具/说明.txt

Sharing

General

Malware Config

Signatures

Files

35bfd201ee6c851ca30a436842594f17

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 116KB - Virtual size: 112KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

f10b624b8f63cedfe03d213ef5fd9b58

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 116KB - Virtual size: 112KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB