403dd831b0e0d6979115341765dfc856_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

403dd831b0e0d6979115341765dfc856_JaffaCakes118
Size

3.3MB
MD5

403dd831b0e0d6979115341765dfc856
SHA1

9d057f1c571dcf13926bd9450365259758cdedf7
SHA256

ac8b10ffb4bdf89a3c538f18b6c1738a8fcf9c7ab8658486ea6804fae470958d
SHA512

5f2807f52dfd5c7c91ceb9015017a1009b165f34fa58ef781689e634a399332f9840908145d388b6afe315a624038568d65dd624911e4d51c82c98a7c4eb1a60
SSDEEP

98304:4vqVopgOzrrlGzaIj8n0qsr8Zb9IFvrRT0F5gsArIe:1elGzaOMnsQZbyvrKgb

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.com/Crack/spyblocker.exe
unpack001/cvery.com/Setup.exe

Files

403dd831b0e0d6979115341765dfc856_JaffaCakes118
.rar
cvery.com/Crack/spyblocker.exe
.exe windows:4 windows x86 arch:x86

6b73df8a0f49c62c92cd6ddc822c6397

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
ord588
__vbaLineInputStr
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord620
__vbaNextEachVar
__vbaRaiseEvent
ord621
__vbaLineInputVar
__vbaFreeObjList
ord516
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
ord662
__vbaNameFile
__vbaHresultCheckObj
ord558
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarCmpGe
ord669
__vbaLateMemSt
ord593
__vbaVarForInit
__vbaExitProc
ord300
ord594
__vbaFileCloseAll
ord301
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
ord303
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord599
ord306
__vbaBoolVar
ord520
ord307
ord309
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
ord631
ord632
__vbaVarCmpGt
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
__vbaR4ErrVar
ord606
_adj_fprem
_adj_fdivr_m64
ord714
__vbaI2Str
ord608
ord531
__vbaFPException
__vbaInStrVar
ord532
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
ord535
__vbaI2Var
ord537
__vbaExitEachVar
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord570
ord648
__vbaVarLateMemCallLdRf
__vbaInStr
__vbaR8Str
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
__vbaI4Str
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
__vbaDerefAry1
ord576
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarCmpEq
ord610
__vbaInStrB
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
ord612
__vbaVarDup
__vbaStrToAnsi
__vbaVerifyVarObj
ord613
__vbaFpI2
__vbaVarTstGe
__vbaVarCopy
__vbaFpI4
ord616
__vbaR8IntI2
__vbaLateMemCallLd
ord617
__vbaRecDestructAnsi
_CIatan
__vbaAryCopy
__vbaCastObj
ord618
__vbaStrMove
__vbaForEachVar
__vbaStrVarCopy
ord619
_allmul
__vbaVarLateMemCallSt
__vbaLateIdSt
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cvery.com/Setup.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.com/下载说明.htm
.html .js polyglot
cvery.com/非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

6b73df8a0f49c62c92cd6ddc822c6397

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.data Size: - Virtual size: 48KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 68KB - Virtual size: 68KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: - Virtual size: 48KB

.rsrc
Size: 4KB - Virtual size: 8KB

CODE
Size: 68KB - Virtual size: 68KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB