87b40fab12819bd1816c82b660e825c2_JaffaCakes118 | Triage

Sharing

General

Target

87b40fab12819bd1816c82b660e825c2_JaffaCakes118
Size

149KB
MD5

87b40fab12819bd1816c82b660e825c2
SHA1

b96ccd773ebf8930df7ed38eb53b98cbbd640e3c
SHA256

5a90e65af8d744ef29203e6ba3b39fd6569f6386c914bec463c4274ee47bbfd2
SHA512

c3fc733b1af94ab69e3a66fafd3a3b9007d7978b581fc13232cf7b48f3b8935da4a96646c337b5324eae65c752eea89b4425866fcb95a09b104a52281e48e40d
SSDEEP

3072:7J+Xo5RkoLaVwYxpOhlL3yz0sy/dVZBNzgHhoM8M4jycyuY4ilFUuNVaX:72o/A70Li4sidVyqsuYBN0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/程序太平洋dapha.net.EXE

Files

87b40fab12819bd1816c82b660e825c2_JaffaCakes118
.rar
Art.bmp
Explode.wav
Form1.frm
.vbs
Form1.frx
Hit1.wav
Hit2.wav
Launch.wav
Module1.bas
.vbs
Project1.vbp
Project1.vbw
下载说明.htm
.html .js polyglot
程序太平洋dapha.net.EXE
.exe windows:4 windows x86 arch:x86

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ