4c6a5aac2de7d7c2a96e52b1329d6ce0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c6a5aac2de7d7c2a96e52b1329d6ce0_JaffaCakes118
Size

741KB
MD5

4c6a5aac2de7d7c2a96e52b1329d6ce0
SHA1

04b131fe67ff179ec90601fabff6e4a96049d069
SHA256

105e6f824b01ef0cf4615da77dc2c13e0f41982d807bb88d0775a0774c1381ef
SHA512

cf0b8178a8c8aba6d7f045d5ab582728f11aedd886af1135805366d08b4b1b11d9852e460bdf127b8417a9c8a752b30d4cd6c4c9d84780cf44f5a25b831c2466
SSDEEP

12288:pxr3yc+GYtm3P3lkaBFZC+pdPYP+qxGJsgQJCiU+amFjn7gH32NvyX:bDWGy4uaBG+p4dWlQ3SO77I20

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/200652221169560/通用展会管理/FAIR.EXE
unpack001/200652221169560/通用展会管理/FAIRMAIN.EXE

Files

4c6a5aac2de7d7c2a96e52b1329d6ce0_JaffaCakes118
.rar
200652221169560/下载说明.htm
.html .js polyglot
200652221169560/新云软件.url
.url
200652221169560/通用展会管理/BACKUP.BMP
200652221169560/通用展会管理/BackUp.frm
.vbs
200652221169560/通用展会管理/BackUp.frx
200652221169560/通用展会管理/CONFIG.YSL
200652221169560/通用展会管理/ConfigForm.frm
.vbs
200652221169560/通用展会管理/DelForm.frm
.vbs
200652221169560/通用展会管理/FAIR.EXE
.exe windows:4 windows x86 arch:x86

a6f804bb37019a2398f5943544134a3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaWriteFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaVarForInit
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord560
__vbaI2I4
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord647
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
ord610
__vbaVarAdd
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
ord619
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
200652221169560/通用展会管理/FAIR.RPT
200652221169560/通用展会管理/FAIR.VBW
200652221169560/通用展会管理/FAIRALL.RPT
200652221169560/通用展会管理/FAIRMAIN.EXE
.exe windows:4 windows x86 arch:x86

d292a756ffc5baca0222bfed0f4636ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaLineInputStr
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaWriteFile
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord599
ord520
__vbaFpR8
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
ord529
__vbaStrCmp
__vbaVarTstEq
ord560
__vbaObjVar
__vbaI2I4
__vbaCastObjVar
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaInStr
ord648
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord578
ord100
__vbaVarTstNe
__vbaI4Var
ord689
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaFpI2
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaR8IntI4
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
200652221169560/通用展会管理/FAIRMAIN.VBW
200652221169560/通用展会管理/FAIRNAME.RPT
200652221169560/通用展会管理/Fair.mdb
200652221169560/通用展会管理/Fair.vbp
200652221169560/通用展会管理/FairSearch.frm
.vbs
200652221169560/通用展会管理/Fairmain.PDM
200652221169560/通用展会管理/Fairmain.vbp
200652221169560/通用展会管理/Form1.frm
.vbs
200652221169560/通用展会管理/Form1.frx
200652221169560/通用展会管理/MDIForm1.frm
.vbs
200652221169560/通用展会管理/MDIForm1.frx
200652221169560/通用展会管理/MOUSEP.CUR
200652221169560/通用展会管理/Module1.bas
.vbs
200652221169560/通用展会管理/NewForm.frm
.vbs
200652221169560/通用展会管理/Pmove.cur
200652221169560/通用展会管理/Readme.txt
200652221169560/通用展会管理/START.FRX
200652221169560/通用展会管理/SearchDisplay.frm
.vbs
200652221169560/通用展会管理/SearchDisplay.log
200652221169560/通用展会管理/SelectFile.frm
.vbs
200652221169560/通用展会管理/SelectFile.frx
200652221169560/通用展会管理/SelectPath.frm
200652221169560/通用展会管理/SelectPath.frx
200652221169560/通用展会管理/Smove.cur
200652221169560/通用展会管理/TIPOFDAY.TXT
200652221169560/通用展会管理/TRANS.SYS
200652221169560/通用展会管理/TZ.ICO
200652221169560/通用展会管理/fair.DEP
200652221169560/通用展会管理/frmTip.frm
.vbs
200652221169560/通用展会管理/frmTip.frx
200652221169560/通用展会管理/setup.BMP
200652221169560/通用展会管理/setup.SWT
200652221169560/通用展会管理/start.frm
.vbs
200652221169560/通用展会管理/start.log

Sharing

General

Malware Config

Signatures

Files

a6f804bb37019a2398f5943544134a3f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

d292a756ffc5baca0222bfed0f4636ff

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 200KB - Virtual size: 198KB

.data Size: 4KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 200KB - Virtual size: 198KB

.data
Size: 4KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 1KB