457207409c8b10d94cb4fdb679400146_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

457207409c8b10d94cb4fdb679400146_JaffaCakes118
Size

12KB
MD5

457207409c8b10d94cb4fdb679400146
SHA1

f56594b09acd38764ce05dbd2a4c4a41578e97b8
SHA256

eabe41ee8764a7a4a779f21e3c2a5bfedab14f24626a7baf0b0e8cedfa65b6ed
SHA512

15f6df722f3ea3ad715fa67ae868abccad870d61462306cae2ae7fbd03cf72b965091fca4bd3ef4fe54cb5618c4bb64a5e1c8d8ff56da9955d4b8f4bf54649bf
SSDEEP

192:JNLlskQr2HWAnmnuvlEqofQyK4PpkEEV5h+qxWanhI2AHTSjm5kOSU:tQkWAnJvq5Fq5h+qxWmW2AHTSjmN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9171275/工程1.exe

Files

457207409c8b10d94cb4fdb679400146_JaffaCakes118
.rar
9171275/Form2.frm
.vbs
9171275/Form3.frm
.vbs
9171275/下载说明.htm
.html .js polyglot
9171275/工程1.exe
.exe windows:4 windows x86 arch:x86

d6bfdabc25e9086c2d315bef17f13f33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
ord589
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord660
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
ord594
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaPrintObj
__vbaI2I4
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaFpI2
__vbaR8IntI2
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9171275/工程1.vbp
9171275/扫雷摸型.vbp
9171275/扫雷模拟.frm
.vbs