82049a51801e4beedbe6af87cda8a587_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82049a51801e4beedbe6af87cda8a587_JaffaCakes118
Size

36KB
MD5

82049a51801e4beedbe6af87cda8a587
SHA1

dba45ca3e37e927eec4adb1be727c033f40ea686
SHA256

9538eb7da88030573833e6c3b0c39a937b5f710d9206ab45c872cd06b5d52490
SHA512

ae187d4ed263dbfbdb07cf9f2c891aa0240a9b88d68890f7c15f3f64a85dcda8ca35078010296c18bb995c50ef5edc530ebfa8ccf000029f48ca2da2aa5fb9f9
SSDEEP

768:45ep4pOFi+6hqTpxFgxUA71mX0e6lVOD2XV5l4n/tcbiIYVWVwAwZN1H:C64p0i+6hqTqmA786lK2XV8FcpVwAwZP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WINHACK.exe

Files

82049a51801e4beedbe6af87cda8a587_JaffaCakes118
.rar
WINHACK.exe
.exe windows:4 windows x86 arch:x86

e356c36e6a1a0ee7761db73b50a65fe8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord524
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaStrCmp
ord561
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
ord608
ord531
__vbaFPException
ord532
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
__vbaVerifyVarObj
__vbaFpI2
__vbaFpI4
ord617
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHack.vbp
WinHack.vbw
frmMoveWH.frm
frmMoveWH.frx
frmWinHack.frm
.vbs
frmWinHack.frx
modAPIWHack.bas
.vbs
modRegistry.bas
.vbs
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

e356c36e6a1a0ee7761db73b50a65fe8

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 72KB - Virtual size: 70KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 72KB - Virtual size: 70KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB