86210cc30e7bcd1620accc57687cc559_JaffaCakes118

General

Target

86210cc30e7bcd1620accc57687cc559_JaffaCakes118
Size

59KB
MD5

86210cc30e7bcd1620accc57687cc559
SHA1

2695f0d10de901d101152cde00ba4045ff17ed7a
SHA256

6577c983455f31c59da269842907f30cd45dffcaa1c04dc4c986227463491d91
SHA512

d24d081b64de2b12734e8422a93e177a5b5853074e12a24f2808e17f1d9ee360f326347491b170a6d33e447182f4f9bce7adbec018f41888b935a1bc8d54448c
SSDEEP

1536:4ibXVGM8tFKerFb4H1tNKPUiyKEQ2q9N6:/8tFlJ0zN/KFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xlhyzhfxq52z/xlhyzhfxq/迅雷会员账号分享器.exe

Files

86210cc30e7bcd1620accc57687cc559_JaffaCakes118
.rar
xlhyzhfxq52z/xlhyzhfxq/迅雷会员账号分享器.exe
.exe windows:4 windows x86 arch:x86

f32632d802bcaae3970b365dd70e43ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord588
__vbaLateIdCall
__vbaVarIdiv
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaForEachCollAd
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaLateMemSt
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
__vbaFPFix
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaChkstk
__vbaCyVar
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaPrintObj
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord319
__vbaStrVarVal
__vbaCheckType
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaFpI2
__vbaVarCopy
__vbaUnkVar
__vbaFpI4
ord617
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xlhyzhfxq52z/使用说明.txt

Sharing

General

Malware Config

Signatures

Files

f32632d802bcaae3970b365dd70e43ee

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 204KB - Virtual size: 201KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 204KB - Virtual size: 201KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB