396a434022116c2dbed488e04bc4149e_JaffaCakes118 | Triage

Sharing

General

Target

396a434022116c2dbed488e04bc4149e_JaffaCakes118
Size

19KB
MD5

396a434022116c2dbed488e04bc4149e
SHA1

f8fc554097149378e77b9ea1e89e69d679975b78
SHA256

e0acdd04cc406bf0ff624d5c6db7be077499d737ff117626881b8870101f1f0e
SHA512

0274b2b6fe1b463aa468f109217cf942eebdc0194b4fc081b0da83d596000e1d48bbeed2f255240138cd5332baecbd78ca9cf347a4fac328550f86d614e0b72f
SSDEEP

384:BI5HaiOP/BNeOlfwv8rfsY3oDQVHuVAUeq3Jx54pkfKWPkpW8B5hc:K6iceO5wvusY46u5JIEK1B5hc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comvb490355544/Coolbar.exe

Files

396a434022116c2dbed488e04bc4149e_JaffaCakes118
.rar
cvery.comvb490355544/Coolbar.exe
.exe windows:4 windows x86 arch:x86

4b2058c4420da6794e5ebed07b46c71d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

MethCallEngine
ord301
ord595
ord307
EVENT_SINK_AddRef
ord561
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
ord100

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comvb490355544/Coolbar.vbp
cvery.comvb490355544/Coolbar.vbw
cvery.comvb490355544/MSSCCPRJ.SCC
cvery.comvb490355544/Rebar.cls
.vbs
cvery.comvb490355544/RebarSubClass.bas
.vbs
cvery.comvb490355544/frmCoolbar.frm
.vbs
cvery.comvb490355544/frmCoolbar.frx
cvery.comvb490355544/modvbworld.bas
cvery.comvb490355544/下载说明.htm
.html .js polyglot