36f15589bb49de160bec027ccfad8f0a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36f15589bb49de160bec027ccfad8f0a_JaffaCakes118
Size

208KB
MD5

36f15589bb49de160bec027ccfad8f0a
SHA1

50cccd43be100cf99a342e47ec661497b3f1b75e
SHA256

b47fdada56a451fec07d81899be9a9962ea46cfd9bc0d757966daec5907b12f1
SHA512

d6fffa3cf4ac60ef6274664880ac90150ce703c5f1a133d5dd15d931a4e9565e689382204472d38fe0daf2a1aca92ca8f4a0b948f97ee2b5fc8e18d47214b96d
SSDEEP

6144:GG26S21dK1o1JtMxUKOylK2wCntCXuUzlldO:hnS21dWoUqOKXCnWueO

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comjc1225884666/zip/Chat.exe
unpack001/cvery.comjc1225884666/zip/FRM.exe
unpack001/cvery.comjc1225884666/zip/Project1.exe
unpack002/Chat.exe
unpack003/FRM.exe
unpack006/Project1.exe

Files

36f15589bb49de160bec027ccfad8f0a_JaffaCakes118
.rar
cvery.comjc1225884666/code0001/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0001/img/winsock.gif
.gif
cvery.comjc1225884666/code0001/img/winsockp.gif
.gif
cvery.comjc1225884666/code0002/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0002/img/form20.gif
.gif
cvery.comjc1225884666/code0002/img/view.gif
.gif
cvery.comjc1225884666/code0003/code01.htm
.html .vbs polyglot
cvery.comjc1225884666/code0003/img/form.gif
.gif
cvery.comjc1225884666/code0003/img/richtext.gif
.gif
cvery.comjc1225884666/code0004/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0004/img/property.gif
.gif
cvery.comjc1225884666/code0005/code01.htm
.html .vbs polyglot
cvery.comjc1225884666/code0005/img/winsock.gif
.gif
cvery.comjc1225884666/code0005/img/winsockp.gif
.gif
cvery.comjc1225884666/code0006/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0006/img/edit.gif
.gif
cvery.comjc1225884666/code0006/img/yanshi.gif
.gif
cvery.comjc1225884666/code0007/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0007/img/winsock.gif
.gif
cvery.comjc1225884666/code0007/img/winsockp.gif
.gif
cvery.comjc1225884666/code0008/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0008/img/panels.gif
.gif
cvery.comjc1225884666/code0008/img/statusbar.gif
cvery.comjc1225884666/code0009/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0009/img/edit.gif
.gif
cvery.comjc1225884666/code0009/img/yanshi.gif
.gif
cvery.comjc1225884666/code0010/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0010/img/winsock.gif
.gif
cvery.comjc1225884666/code0010/img/winsockp.gif
.gif
cvery.comjc1225884666/code0011/code01.htm
.html .vbs polyglot
cvery.comjc1225884666/code0011/img/winsock.gif
.gif
cvery.comjc1225884666/code0011/img/winsockp.gif
.gif
cvery.comjc1225884666/code0012/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0101/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0101/img/form01.gif
.gif
cvery.comjc1225884666/code0101/img/form01.psd
cvery.comjc1225884666/code0101/img/form02.gif
.gif
cvery.comjc1225884666/code0101/img/form02.psd
cvery.comjc1225884666/code0102/code01.htm
.html .js polyglot
cvery.comjc1225884666/code0102/img/edit.gif
.gif
cvery.comjc1225884666/code0102/img/yanshi.gif
.gif
cvery.comjc1225884666/index.htm
.html
cvery.comjc1225884666/zip/Chat.exe
.exe windows:4 windows x86 arch:x86

4893492fb7794feb7a2b01cda5faded0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord530
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comjc1225884666/zip/Chat.vbp
cvery.comjc1225884666/zip/Chat_frmMain.frm
cvery.comjc1225884666/zip/Chat_frmMain.frx
cvery.comjc1225884666/zip/FRM.exe
.exe windows:4 windows x86 arch:x86

9f4398bb681bf2162ca0095f15798998

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarTstLt
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarAdd
__vbaVarDup
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comjc1225884666/zip/Fildlg.frm
.vbs
cvery.comjc1225884666/zip/Form1.frm
.vbs
cvery.comjc1225884666/zip/FormBack.frm
cvery.comjc1225884666/zip/FormTxtBox.frm
cvery.comjc1225884666/zip/Module1.bas
.vbs
cvery.comjc1225884666/zip/Popup Menu.Frm
cvery.comjc1225884666/zip/Popup Menu.Vbp
cvery.comjc1225884666/zip/Popup Menu.frx
cvery.comjc1225884666/zip/Project.vbp
cvery.comjc1225884666/zip/Project1.exe
.exe windows:4 windows x86 arch:x86

c81bc14bb8589ce783d33b1c192d8ff4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVar
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
_CIatan
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comjc1225884666/zip/Project1.vbp
cvery.comjc1225884666/zip/ProjectTextBox.vbp
cvery.comjc1225884666/zip/StatBar.frm
cvery.comjc1225884666/zip/StatBar.frx
cvery.comjc1225884666/zip/TEXTEDIT.FRX
cvery.comjc1225884666/zip/TEXTEDIT.VBP
cvery.comjc1225884666/zip/code0001.zip
.zip
Chat.exe
.exe windows:4 windows x86 arch:x86

4893492fb7794feb7a2b01cda5faded0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord530
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Chat.vbp
Chat_frmMain.frm
Chat_frmMain.frx
readme.txt
cvery.comjc1225884666/zip/code0002.zip
.zip
FRM.exe
.exe windows:4 windows x86 arch:x86

9f4398bb681bf2162ca0095f15798998

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarTstLt
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarAdd
__vbaVarDup
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
default.jpg
.jpg
main.frm
main.frx
module.bas
.vbs
project.vbp
cvery.comjc1225884666/zip/code0003.zip
.zip
TEXTEDIT.FRX
TEXTEDIT.VBP
readme.txt
textedit.frm
.vbs
cvery.comjc1225884666/zip/code0004.zip
.zip
Form1.frm
.vbs
Project.vbp
cvery.comjc1225884666/zip/code0004/Form1.frm
.vbs
cvery.comjc1225884666/zip/code0004/MSSCCPRJ.SCC
cvery.comjc1225884666/zip/code0004/Project.vbp
cvery.comjc1225884666/zip/code0005.zip
.zip
Fildlg.frm
.vbs
Project1.exe
.exe windows:4 windows x86 arch:x86

c81bc14bb8589ce783d33b1c192d8ff4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVar
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
_CIatan
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Project1.vbp
test.hlp
cvery.comjc1225884666/zip/code0006.zip
.zip
Popup Menu.Frm
Popup Menu.Vbp
Popup Menu.frx
cvery.comjc1225884666/zip/code0007.zip
.zip
Form1.frm
Project1.vbp
.txt
cvery.comjc1225884666/zip/code0008.zip
.zip
StatBar.frm
StatBar.frx
statbar.vbp
cvery.comjc1225884666/zip/code0009.zip
.zip
cvery.comjc1225884666/zip/code0010.zip
.zip
cvery.comjc1225884666/zip/code0011.zip
.zip
cvery.comjc1225884666/zip/code0012.zip
.zip
cvery.comjc1225884666/zip/code0101.zip
.zip
cvery.comjc1225884666/zip/default.jpg
.jpg
cvery.comjc1225884666/zip/main.frm
cvery.comjc1225884666/zip/main.frx
cvery.comjc1225884666/zip/module.bas
.vbs
cvery.comjc1225884666/zip/statbar.vbp
cvery.comjc1225884666/zip/test.hlp
cvery.comjc1225884666/zip/textedit.frm
.vbs
cvery.comjc1225884666/zip/移动无标题栏窗体.txt
cvery.comjc1225884666/zip/稿件.txt
cvery.comjc1225884666/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

4893492fb7794feb7a2b01cda5faded0

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

9f4398bb681bf2162ca0095f15798998

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

c81bc14bb8589ce783d33b1c192d8ff4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

4893492fb7794feb7a2b01cda5faded0

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

9f4398bb681bf2162ca0095f15798998

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

c81bc14bb8589ce783d33b1c192d8ff4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB