497f60ecfc57bf463f6ea9a99cf942a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

497f60ecfc57bf463f6ea9a99cf942a1_JaffaCakes118
Size

389KB
MD5

497f60ecfc57bf463f6ea9a99cf942a1
SHA1

02865593e83db7b6dc450d2a7fd8e4dbc68ff84f
SHA256

1841d1c60d8bebce4b73421ed02595f02f8713ba832b382c340932af537ac327
SHA512

44e5751556403a6ba6a2840f8e58f86652bed066efc7ea482b06ef21b1650acf5e73a79256a2b9944de60403b55a9b3cfd18e033311eaabdcb442195a25c0b9b
SSDEEP

6144:N3sScYMMAQtoYqnl2JxVGVeXF/eRt8Jdc0Z2D06hd1Lh0U095HUvHQc:RcYEQtovl2JHGV6E8pIwUj7

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5801169/cb/cb/资料管理系统.exe
unpack001/5801169/cb/试验/试验/SYS.exe
unpack001/5801169/cb/资料管理系统.exe
unpack001/5801169/试验/试验/SYS.exe

Files

497f60ecfc57bf463f6ea9a99cf942a1_JaffaCakes118
.rar
5801169/cb/Form1.frm
5801169/cb/Form1.frx
5801169/cb/FrmServerWG.frm
.vbs
5801169/cb/FrmServerWG.frx
5801169/cb/Frm_Sql.frm
.vbs
5801169/cb/Frm_Sql.frx
5801169/cb/Frm_jy_dj.frm
.vbs
5801169/cb/Frm_jy_dj.frx
5801169/cb/Frm_pdgl.frm
.vbs
5801169/cb/Frm_pdgl.log
5801169/cb/Frm_tjxf.frm
.vbs
5801169/cb/Frm_tjxf.frx
5801169/cb/Frm_tjxf.log
5801169/cb/Frm_yggl.frm
.vbs
5801169/cb/Frm_yggl.frx
5801169/cb/Frm_yggl.log
5801169/cb/Frm_zlxf_ff.frm
.vbs
5801169/cb/Frm_zlxf_ff.frx
5801169/cb/Frm_zlxf_ff.log
5801169/cb/MSSCCPRJ.SCC
5801169/cb/MdlPub.bas
5801169/cb/Module1.bas
5801169/cb/ModuleFrom.bas
.vbs
5801169/cb/MyQQ.mdb
5801169/cb/cb/Form1.frm
5801169/cb/cb/Form1.frx
5801169/cb/cb/FrmServerWG.frm
.vbs
5801169/cb/cb/FrmServerWG.frx
5801169/cb/cb/Frm_Sql.frm
.vbs
5801169/cb/cb/Frm_Sql.frx
5801169/cb/cb/Frm_hdgl.frm
.vbs
5801169/cb/cb/Frm_hdgl.log
5801169/cb/cb/Frm_jy_dj.frm
.vbs
5801169/cb/cb/Frm_jy_dj.frx
5801169/cb/cb/Frm_pdgl.frm
.vbs
5801169/cb/cb/Frm_pdgl.log
5801169/cb/cb/Frm_tjxf.frm
.vbs
5801169/cb/cb/Frm_tjxf.frx
5801169/cb/cb/Frm_tjxf.log
5801169/cb/cb/Frm_yggl.frm
.vbs
5801169/cb/cb/Frm_yggl.frx
5801169/cb/cb/Frm_yggl.log
5801169/cb/cb/Frm_zlxf_ff.frm
.vbs
5801169/cb/cb/Frm_zlxf_ff.frx
5801169/cb/cb/Frm_zlxf_ff.log
5801169/cb/cb/MSSCCPRJ.SCC
5801169/cb/cb/MdlPub.bas
5801169/cb/cb/Module1.bas
5801169/cb/cb/ModuleFrom.bas
.vbs
5801169/cb/cb/MyQQ.mdb
5801169/cb/cb/client/FrmFriendInfWG.frm
5801169/cb/cb/client/FrmFriendInfWG.frx
5801169/cb/cb/client/FrmMsgWG.frm
.vbs
5801169/cb/cb/client/FrmMsgWG.frx
5801169/cb/cb/client/frmSetWG.frm
5801169/cb/cb/client/pic.RES
5801169/cb/cb/frmAbout.frm
.vbs
5801169/cb/cb/frmAbout.frx
5801169/cb/cb/frmAbout.log
5801169/cb/cb/frmLogin.frm
5801169/cb/cb/frmLogin.frx
5801169/cb/cb/frmLogin.log
5801169/cb/cb/frmMain.frm
.vbs
5801169/cb/cb/frmMain.frx
5801169/cb/cb/frmuser.frm
.vbs
5801169/cb/cb/frmuser.frx
5801169/cb/cb/mdb/1.dtd
.dtd .doc windows office2003
5801169/cb/cb/mdb/gh069.jpg
.jpg
5801169/cb/cb/mdb/ls.lbl
5801169/cb/cb/mdb/ziliao.lbl
5801169/cb/cb/mdb/使用说明.txt
5801169/cb/cb/mdb/复件 ziliao.lbl
5801169/cb/cb/user.lbl
5801169/cb/cb/vb控制EXL/vba-excel/Form1.frm
.vbs
5801169/cb/cb/vb控制EXL/vba-excel/MSSCCPRJ.SCC
5801169/cb/cb/vb控制EXL/vba-excel/Project1.vbp
5801169/cb/cb/vb控制EXL/vba-excel/Project1.vbw
5801169/cb/cb/资料管理系统.PDM
5801169/cb/cb/资料管理系统.exe
.exe windows:4 windows x86 arch:x86

2cc8b7302d1b8524bc544baec0a714c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
ord588
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaVarCmpNe
__vbaStrCat
ord553
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaBoolStr
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
ord300
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord306
ord520
__vbaBoolVar
ord309
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
__vbaVarZero
__vbaNextEachCollObj
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
ord608
__vbaFPException
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaLateMemCall
ord320
__vbaStrToAnsi
__vbaVarDup
__vbaFreeVarg
ord321
__vbaVerifyVarObj
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaLateMemCallLd
ord617
_CIatan
__vbaI2ErrVar
__vbaCastObj
__vbaStrMove
ord618
__vbaStrVarCopy
ord542
ord650
_allmul
__vbaLateIdSt
ord545
_CItan
ord546
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 764KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5801169/cb/cb/资料管理系统.vbp
5801169/cb/cb/资料管理系统.vbw
5801169/cb/client/FrmFriendInfWG.frm
5801169/cb/client/FrmFriendInfWG.frx
5801169/cb/client/FrmMsgWG.frm
.vbs
5801169/cb/client/FrmMsgWG.frx
5801169/cb/client/frmSetWG.frm
5801169/cb/client/pic.RES
5801169/cb/frmAbout.frm
.vbs
5801169/cb/frmAbout.frx
5801169/cb/frmAbout.log
5801169/cb/frmLogin.frm
5801169/cb/frmLogin.frx
5801169/cb/frmLogin.log
5801169/cb/frmMain.frm
.vbs
5801169/cb/frmMain.frx
5801169/cb/frmuser.frm
.vbs
5801169/cb/frmuser.frx
5801169/cb/mdb/1.dtd
.dtd .doc windows office2003
5801169/cb/mdb/gh069.jpg
.jpg
5801169/cb/mdb/ls.lbl
5801169/cb/mdb/ziliao.lbl
5801169/cb/mdb/使用说明.txt
5801169/cb/mdb/复件 ziliao.lbl
5801169/cb/user.lbl
5801169/cb/vb控制EXL/vba-excel/Form1.frm
.vbs
5801169/cb/vb控制EXL/vba-excel/MSSCCPRJ.SCC
5801169/cb/vb控制EXL/vba-excel/Project1.vbp
5801169/cb/vb控制EXL/vba-excel/Project1.vbw
5801169/cb/试验/试验/Form1.frm
5801169/cb/试验/试验/MSSCCPRJ.SCC
5801169/cb/试验/试验/SYS.exe
.exe windows:4 windows x86 arch:x86

f45a3cdaf8f998a13df23ba15acf109b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
ord596
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5801169/cb/试验/试验/工程1.vbp
5801169/cb/试验/试验/工程1.vbw
5801169/cb/资料管理系统.PDM
5801169/cb/资料管理系统.exe
.exe windows:4 windows x86 arch:x86

2cc8b7302d1b8524bc544baec0a714c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
ord588
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaVarCmpNe
__vbaStrCat
ord553
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaBoolStr
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
ord300
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord306
ord520
__vbaBoolVar
ord309
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
__vbaVarZero
__vbaNextEachCollObj
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
ord608
__vbaFPException
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaLateMemCall
ord320
__vbaStrToAnsi
__vbaVarDup
__vbaFreeVarg
ord321
__vbaVerifyVarObj
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaLateMemCallLd
ord617
_CIatan
__vbaI2ErrVar
__vbaCastObj
__vbaStrMove
ord618
__vbaStrVarCopy
ord542
ord650
_allmul
__vbaLateIdSt
ord545
_CItan
ord546
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 764KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5801169/cb/资料管理系统.vbp
5801169/cb/资料管理系统.vbw
5801169/下载说明.htm
.html .js polyglot
5801169/试验/试验/Form1.frm
5801169/试验/试验/MSSCCPRJ.SCC
5801169/试验/试验/SYS.exe
.exe windows:4 windows x86 arch:x86

f45a3cdaf8f998a13df23ba15acf109b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
ord596
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5801169/试验/试验/工程1.vbp
5801169/试验/试验/工程1.vbw

Sharing

General

Malware Config

Signatures

Files

2cc8b7302d1b8524bc544baec0a714c4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 764KB - Virtual size: 761KB

.data Size: 4KB - Virtual size: 22KB

.rsrc Size: 12KB - Virtual size: 8KB

f45a3cdaf8f998a13df23ba15acf109b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

2cc8b7302d1b8524bc544baec0a714c4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 764KB - Virtual size: 761KB

.data Size: 4KB - Virtual size: 22KB

.rsrc Size: 12KB - Virtual size: 8KB

f45a3cdaf8f998a13df23ba15acf109b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 764KB - Virtual size: 761KB

.data
Size: 4KB - Virtual size: 22KB

.rsrc
Size: 12KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 764KB - Virtual size: 761KB

.data
Size: 4KB - Virtual size: 22KB

.rsrc
Size: 12KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB