5e0b0eefbd160ae2f40e3f03d1b057f4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e0b0eefbd160ae2f40e3f03d1b057f4_JaffaCakes118
Size

22KB
MD5

5e0b0eefbd160ae2f40e3f03d1b057f4
SHA1

0676d791c91f083d2e69044691aebd00288bbcde
SHA256

a26f111393aebfd55d4ee1113ea1d6c8318c2699eb1cbc3b6786cd07b5b1a712
SHA512

e1c33c6ccda096edac2bca77b3368ca74f7911051167500777ce183fb68aab1900f7aed13943a0da4f059d885e88b76687e673448905256e188298e1ad218ac1
SSDEEP

384:HrBGAuaCLpLHxaRE3z/Kf2nQJRk+zkMAKVoE6bSWNYPi8Jadj3wHdWwia2BYGWEc:HYuu1RaRE/QCMALbSbi/d0kva2BYGWEc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/程序太平洋dapha.net.EXE

Files

5e0b0eefbd160ae2f40e3f03d1b057f4_JaffaCakes118
.rar
Form1.frm
.vbs
Form1.frx
Form2.frm
.vbs
Form3.frm
Form4.frm
Form4.frx
MSSCCPRJ.SCC
OnTop.bas
.vbs
Projet1.PDM
Projet1.vbp
Projet1.vbw
ToRead.frm
ToRead.frx
about.frm
about.frx
findRep.frm
image32.bas
.vbs
l.frm
undo.frm
val1.frm
val2.frm
val3.frm
下载说明.htm
.html .js polyglot
程序太平洋dapha.net.EXE
.exe windows:4 windows x86 arch:x86

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ