4af4e8cc8ef21eb4853de84d72359846_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4af4e8cc8ef21eb4853de84d72359846_JaffaCakes118
Size

322KB
MD5

4af4e8cc8ef21eb4853de84d72359846
SHA1

a94d3554d5248e113a694d601cdff7436097dc4d
SHA256

b4edccdb5439cf5a783ebc6fd4a49df8f25b52901c7cfe02c7dcdec9978a1cf0
SHA512

2134b2393b1fd08af6a34bd91fc466a6fd949d2bd03d4c12f356edc2b96fdc10aaaee02097a56d78e6b60e21493a6865f545fb5d91bb58bcd56fd91f6d1b6c4e
SSDEEP

6144:sHgFNOGTwqjB4LDuu0hYkinGeBWGOoZHMq6S7/LIOjBwQqSdUvc4b0t7Bc:TzdTdB4+uWSzLIiRvwb0t7W

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msxml2.dll
unpack001/永盛桌面天气预报3.exe

Files

4af4e8cc8ef21eb4853de84d72359846_JaffaCakes118
.rar
SET.INI
Tqdata.xml
.xml
msxml2.dll
.dll regsvr32 windows:5 windows x86 arch:x86

fd3e97d1a321f0144f165f7ba65a857f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

GetHGlobalFromStream
StringFromCLSID
CoTaskMemAlloc
CreateBindCtx
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance

shlwapi

ord117
ord56
ord136
ord60
ord116
PathFindExtensionW
UrlCanonicalizeW
ord2
PathFindFileNameW
ord15
ord311
ord310
ord125
ord128
StrCatW
ord26
StrCmpNIA
PathIsURLW
UrlUnescapeW
PathSearchAndQualifyW
UrlCreateFromPathW
PathCreateFromUrlW
UrlIsW
ord52
StrCpyW
ord68
StrToIntW
StrCmpNIW
ord45
StrCmpNW
ord43
ord38
ord51
ord83
StrCmpW
ord115

kernel32

SuspendThread
LocalAlloc
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapReAlloc
GetOEMCP
GetACP
VirtualQuery
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
CreateThread
SetThreadPriority
CreateEventA
GlobalAlloc
lstrcatW
GlobalLock
GlobalUnlock
GetSystemDefaultLCID
GetThreadLocale
SetEndOfFile
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcatA
MultiByteToWideChar
lstrcmpA
ExpandEnvironmentStringsA
GetModuleFileNameA
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedDecrement
InterlockedIncrement
lstrlenW
HeapFree
HeapSize
HeapAlloc
VirtualFree
VirtualAlloc
GetProcessHeap
DuplicateHandle
GetCurrentThread
CloseHandle
GetVersionExA
TlsAlloc
TlsFree
GetThreadContext
InterlockedExchange
Sleep
WaitForSingleObject
ResumeThread
SetEvent
ResetEvent
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
ReleaseSemaphore
DeleteCriticalSection
CreateSemaphoreA
InitializeCriticalSection
HeapDestroy
GetLastError
HeapCreate
GetSystemInfo
SetLastError
DebugBreak
RaiseException
WideCharToMultiByte
GetFullPathNameA
SizeofResource
LockResource
LoadResource
FindResourceA
LoadLibraryExA
FormatMessageA
FileTimeToSystemTime
SystemTimeToFileTime
GetCPInfo
WriteFile
GetFileType
SetFilePointer
CreateFileA
FlushFileBuffers
ReadFile

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url
永盛桌面天气预报3.exe
.exe windows:4 windows x86 arch:x86

5ecf2455161e688800d52bd0756c014b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
ord589
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
ord519
__vbaStrCat
ord552
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
ord665
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaCyStr
ord520
__vbaBoolVar
__vbaBoolVarNull
_CIsin
__vbaErase
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
ord560
__vbaObjVar
ord561
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaVarLateMemCallLdRf
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaUnkVar
__vbaVarCopy
__vbaVarLateMemCallLd
ord617
_CIatan
__vbaCastObj
ord540
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd3e97d1a321f0144f165f7ba65a857f

Headers

File Characteristics

Imports

ole32

shlwapi

kernel32

version

Exports

Exports

Sections

.text Size: 513KB - Virtual size: 513KB

.data Size: 36KB - Virtual size: 37KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 33KB - Virtual size: 33KB

5ecf2455161e688800d52bd0756c014b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 513KB - Virtual size: 513KB

.data
Size: 36KB - Virtual size: 37KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 33KB - Virtual size: 33KB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB