6199c4c6024aab42fc317762d4d1d758_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6199c4c6024aab42fc317762d4d1d758_JaffaCakes118
Size

215KB
MD5

6199c4c6024aab42fc317762d4d1d758
SHA1

a7807c8d71c2d9ec9810dd4d9a6b7117bf5a59de
SHA256

2a5bdac8f4d487452683c75a0ea5685562e28adaa56a360e1eebe51d3dc8f6f9
SHA512

f7eb627bde9de898d0562452dfdeafb0875dec248922a5d505f733aef8492da4adf55e32fd011258927639fd893c0a5036a978f9eb228a0ec31be75d10179518
SSDEEP

6144:pTI6eC7luwzg/f+/g8Ochcix9h66topcDshCyygGzb5M5vH:Vdluwz+8gIcix9vtopgsEyyFFW/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/小学算术练习系统V1.0.exe

Files

6199c4c6024aab42fc317762d4d1d758_JaffaCakes118
.rar
readme.txt
小学算术练习系统V1.0.exe
.exe windows:4 windows x86 arch:x86

003ef6d2725aff5b261696ae8b4d9c18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
ord588
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
ord594
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
__vbaStrFixstr
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
__vbaStrR4
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaFpI2
__vbaR8IntI2
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 836KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url