266341fd11bf78285fbe66e3013bb128_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

266341fd11bf78285fbe66e3013bb128_JaffaCakes118
Size

28KB
MD5

266341fd11bf78285fbe66e3013bb128
SHA1

de0a365f8ee6dd9355d843e609fe9a0e09bf4fd7
SHA256

f2a015dad30aecc91266a9587af6ee04cc30b1d55b357351aa4bfd4ac5606e5a
SHA512

9b7d3cb04699ec721035c19bb548931fbd3cbdd7a4fa37562ca574e9feb984ab530cf185d9099f7e9a3570421575b230e2c6263859a87fe1734468722a1c7786
SSDEEP

768:A7SRjxsJqfVYDGL32sGsfUL8j5WH/zWt2k:WSMJqaDGL1fULO5WfzWtt

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VB程序太平洋.EXE
unpack001/Visual Basic 5/Projects/Autosave/Autosave.exe

Files

266341fd11bf78285fbe66e3013bb128_JaffaCakes118
.rar
VB程序太平洋.EXE
.exe windows:4 windows x86 arch:x86

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Visual Basic 5/Projects/Autosave/Autosave.exe
.exe windows:4 windows x86 arch:x86

bc5301ddece92f7257c353951ceec1e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord622
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord300
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
ord303
_adj_fdivr_m16i
ord599
ord306
ord309
__vbaBoolVarNull
_CIsin
__vbaErase
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
ord616
__vbaFpI4
ord617
_CIatan
__vbaStrMove
ord650
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Visual Basic 5/Projects/Autosave/Autosave.vbp
Visual Basic 5/Projects/Autosave/Autosave.vbw
Visual Basic 5/Projects/Autosave/EnumWindows.bas
Visual Basic 5/Projects/Autosave/HideWindow.bas
Visual Basic 5/Projects/Autosave/MAIN.vbw
Visual Basic 5/Projects/Autosave/Main.frm
.vbs
Visual Basic 5/Projects/Autosave/Main.frx
Visual Basic 5/Projects/Autosave/PopupMenu.bas
Visual Basic 5/Projects/Autosave/modAutosave.bas
Visual Basic 5/Projects/Autosave/modWriteReg.bas
.vbs
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

bc5301ddece92f7257c353951ceec1e6

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB