84e98329f42bb9340b9e9e31d3bf7410_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

84e98329f42bb9340b9e9e31d3bf7410_JaffaCakes118
Size

347KB
MD5

84e98329f42bb9340b9e9e31d3bf7410
SHA1

4023dea0e72506bd06e7d1f0cec7a5708286e2e5
SHA256

4916963156ab8382cd9d7bb7de0f7469214e777e9a3524c5bd1dae265c52e9b2
SHA512

231ddcc7776d63e6cb779ff9f1c210d02d017db6825e3cad1528915e6657edf4e25abab12bdd15468d113e4faecb133a6c5074793703c458fdd9cb7fc87e7b51
SSDEEP

6144:X5kC66d/aK8qHH3u0iiR3FBU0WmHVKqQRsJG5oHlOULpau0D3sSN:X5kCTxFH+0iiPB71KqQ6vHVau0YSN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/22827896/神兵广告系统.exe

Files

84e98329f42bb9340b9e9e31d3bf7410_JaffaCakes118
.rar
22827896/1.bmp
22827896/DataReport1.DCA
22827896/DataReport1.Dsr
22827896/HOME.ICO
22827896/MSSCCPRJ.SCC
22827896/bp1print_ppp.DCA
22827896/bp1print_ppp.dsx
22827896/database.mdb
22827896/database2.mdb
22827896/frmLogin.frm
.vbs
22827896/frmcgechangshang.frm
.vbs
22827896/frmcgedaili.frm
.vbs
22827896/frmcgehetong.frm
.vbs
22827896/frmcgetoufang.frm
.vbs
22827896/frmcgetoufang.frx
22827896/frmcgetoufang.log
22827896/frmchangepwd.frm
.vbs
22827896/frmchangshang.frm
.vbs
22827896/frmdaili.frm
.vbs
22827896/frmenterguanggao.frm
.vbs
22827896/frmmain.frm
22827896/frmmain.frx
22827896/frmsearch.frm
.vbs
22827896/frmtoufang.frm
.vbs
22827896/frmtoufang.frx
22827896/frmusermanager.frm
.vbs
22827896/main.frm
22827896/rpttoufang.DCA
22827896/rpttoufang.Dsr
22827896/下载说明.htm
.html .js polyglot
22827896/神兵广告系统.DEP
22827896/神兵广告系统.PDM
22827896/神兵广告系统.exe
.exe windows:4 windows x86 arch:x86

9bcde32c9f22bdc0b4f953cc67090650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord553
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaLateMemSt
__vbaVarForInit
ord300
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord599
ord306
ord520
ord309
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord632
__vbaVarCmpGt
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaStrCmp
__vbaVarTstEq
ord560
ord561
__vbaObjVar
__vbaVarOr
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaLateMemCall
__vbaFreeVarg
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarCopy
ord617
_CIatan
__vbaCastObj
__vbaStrMove
ord542
_allmul
__vbaLateIdSt
ord545
_CItan
ord546
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
22827896/神兵广告系统.vbp
22827896/神兵广告系统.vbw

Sharing

General

Malware Config

Signatures

Files

9bcde32c9f22bdc0b4f953cc67090650

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 928KB - Virtual size: 928KB

.data Size: 4KB - Virtual size: 25KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 928KB - Virtual size: 928KB

.data
Size: 4KB - Virtual size: 25KB

.rsrc
Size: 8KB - Virtual size: 8KB