44c2dab39d6a0ebe1db8cd27553feee9_JaffaCakes118

General

Target

44c2dab39d6a0ebe1db8cd27553feee9_JaffaCakes118
Size

518KB
MD5

44c2dab39d6a0ebe1db8cd27553feee9
SHA1

b737ace60a94624c746af88114fec45aace038b4
SHA256

0b0e58c3b9bb2d16cbff08868a88016b2a012eaef72d9c0deef17fe565df2c5e
SHA512

9be008edff082b8bbb0852c73da85260e00b1babe78524024b15ed58ce566c3f101fdb2080bdffe54cb870f071fa906bebed6a9ff2c1a63d1f02da27e70a8a13
SSDEEP

12288:/+ag1+7EMr//aMIoiaXvpKR+yQ8yXNjyONj8sT/18sz:2pzMrXCoiE0oyNyrtT/1Lz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VB助手[让VB6.0支持鼠标滚轮]/VBH.exe
unpack001/VB助手[让VB6.0支持鼠标滚轮]/VBhelp.dll

Files

44c2dab39d6a0ebe1db8cd27553feee9_JaffaCakes118
.rar
VB助手[让VB6.0支持鼠标滚轮]/VBH.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VB助手[让VB6.0支持鼠标滚轮]/VBhelp.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DisableMsgHook
EnableMsgHook

Sections

CODE
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VB助手[让VB6.0支持鼠标滚轮]/重要说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 820KB - Virtual size: 820KB

DATA Size: 19KB - Virtual size: 19KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 45KB - Virtual size: 45KB

.rsrc Size: 248KB - Virtual size: 248KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 303KB - Virtual size: 302KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 101B

.reloc Size: 21KB - Virtual size: 21KB

.rsrc Size: 19KB - Virtual size: 19KB

CODE
Size: 820KB - Virtual size: 820KB

DATA
Size: 19KB - Virtual size: 19KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 45KB - Virtual size: 45KB

.rsrc
Size: 248KB - Virtual size: 248KB

CODE
Size: 303KB - Virtual size: 302KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 101B

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 19KB - Virtual size: 19KB