6978e7a39b4c25e4797f2f93a3ea7836_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6978e7a39b4c25e4797f2f93a3ea7836_JaffaCakes118
Size

171KB
MD5

6978e7a39b4c25e4797f2f93a3ea7836
SHA1

583410443dca2d5a9ffb0f43287d1c84f88ceb80
SHA256

df60ba03c27bd5da7f4df0d1dca7ba75fe951996647b3dd58443c56f481914b9
SHA512

306be951a4088617fdc8f564221c4909f866d949439de1f2880e6c364e58d6687748f6109e107b09f34f5b78df1c1af821df532534f007aa2529e216dc7f655b
SSDEEP

3072:kd2km7CPdLH8WphOiT0O2UDTRkgnUWTuEI2HUYR1wApyt/qW5rI/D/Um/v3OVEs:qdFdzhOnOpa6UWTFIMVRFQt/kTRup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/身份证姓名查询软件.exe

Files

6978e7a39b4c25e4797f2f93a3ea7836_JaffaCakes118
.rar
新云软件.url
.url
查询说明图片.jpg
.jpg
说明.txt
身份证姓名查询软件.exe
.exe windows:4 windows x86 arch:x86

f612b063f1a1f2e4d08d9737233864d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ