5d20e4106ec98b2edfd575a4cae3c6bb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5d20e4106ec98b2edfd575a4cae3c6bb_JaffaCakes118
Size

90KB
MD5

5d20e4106ec98b2edfd575a4cae3c6bb
SHA1

8062c8880523516f1eaa10e2f9e0f90d2276248f
SHA256

8d0685eb6af60f910fd2ba0610ce27a43e543137446e85a720af842971e2985c
SHA512

5c5263e03dda410b39af409169d577ff189fa6891955341cb8c3d3284ce78f96431fac8d2a00110722fb7a5b18aad5ca426af2d7ffb8d74f62c931e96cca44f5
SSDEEP

1536:7RkaQHEQRUuZy317eZeSeKKPHqAdBp2cKGqIuRjDDDHbcWeXm1O1yuI3Tysa:g+qZeSIqmp2FGCDDDHb/XeUTyR

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/trqlzjmogj/war3.dll
unpack001/trqlzjmogj/魔兽争霸显血工具.exe

Files

5d20e4106ec98b2edfd575a4cae3c6bb_JaffaCakes118
.rar
trqlzjmogj/war3.dll
.dll windows:4 windows x86 arch:x86

ca46129b7ebc2a2924c28067d49c833c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetCurrentProcess
LCMapStringW
LCMapStringA
OpenProcess
WriteProcessMemory
GetStringTypeA
CloseHandle
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
RtlUnwind

user32

MessageBoxA
GetWindowThreadProcessId
FindWindowA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Exports

Exports

EnableDebugPriv
war3

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
trqlzjmogj/新云软件.url
.url
trqlzjmogj/更新日志.txt
trqlzjmogj/魔兽争霸显血工具.exe
.exe windows:4 windows x86 arch:x86

d913790c56f6d4b6c549bd5b33fb2b86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaI2Abs
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
__vbaVarForInit
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord597
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord599
__vbaBoolVar
__vbaStrFixstr
ord520
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord631
__vbaErase
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
ord608
__vbaFPException
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
ord616
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaI2ErrVar
__vbaCastObj
__vbaStrMove
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 360KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca46129b7ebc2a2924c28067d49c833c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

d913790c56f6d4b6c549bd5b33fb2b86

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 360KB - Virtual size: 358KB

.data Size: 4KB - Virtual size: 24KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 360KB - Virtual size: 358KB

.data
Size: 4KB - Virtual size: 24KB

.rsrc
Size: 8KB - Virtual size: 4KB