323db27ddf07e4dc394b216ee6a65fa2_JaffaCakes118

General

Target

323db27ddf07e4dc394b216ee6a65fa2_JaffaCakes118
Size

40KB
MD5

323db27ddf07e4dc394b216ee6a65fa2
SHA1

ca2089fa42425203b4341f48cd2aa444d7a0f195
SHA256

9abb811245d043b7ab1e9a25a45d6024194d5eb12d904caa6907426ee0908cff
SHA512

ab6613d76617067aeeed908ae17674d5401107686e64da53fa887f9ca086cd37b4403356a1d1ef75f94ee9e7f0c91dd2654893e7b628f22ec0a5b019c51d6a9d
SSDEEP

768:H6oJoOeWYvNy0sWTfGRAwTECxSymV12f43RU/3eh+3YW26N5R:aoJze9lyBaUArcmcQ3RU/3e2BPR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/U盘序列号读取工具.exe

Files

323db27ddf07e4dc394b216ee6a65fa2_JaffaCakes118
.rar
U盘序列号读取工具.exe
.exe windows:4 windows x86 arch:x86

6dab3bc020db5cefd3848594a48651cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
ord516
_adj_fprem1
ord626
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
__vbaVarCmpGt
__vbaVargVarMove
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaVarLikeVar
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVarMod
__vbaVarCopy
__vbaVarTstGe
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
ord619
__vbaForEachVar
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

6dab3bc020db5cefd3848594a48651cc

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 84KB - Virtual size: 82KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 84KB - Virtual size: 82KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB