8b56c7aab7da381ef467cb527397243c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b56c7aab7da381ef467cb527397243c_JaffaCakes118
Size

154KB
MD5

8b56c7aab7da381ef467cb527397243c
SHA1

ab742cb3ad3d2305754554d211738a0280c3a7c9
SHA256

e6b46052c18f5ee4ee27893cb3d2ab9eeb71b9f77b6168c0b76ad6cadb41a3f9
SHA512

de9da002e34b14b8dfead854643448f4e05ae6d38d1071992c323b42027d23fd91959fffbf6ef49df5c0ad8c8f4db89c1b64ea5ca7ec11f45715d9205b925391
SSDEEP

3072:T1KB9/8k2rL3f+AtcDbqPBcxAn4vpSvBXLWMWo1wp:3B/v+ucDmJtQcm7p

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/221089068/TimedMsg.exe
unpack001/221089068/串口编程-云台镜头控制系统/WinIo.dll
unpack001/221089068/串口编程-云台镜头控制系统/WinIo.sys
unpack001/221089068/串口编程-云台镜头控制系统/yuntai.exe

Files

8b56c7aab7da381ef467cb527397243c_JaffaCakes118
.rar
221089068/TimedMsg.exe
.exe windows:4 windows x86 arch:x86

01fdf828df62d7d31d56d9fdd839ad70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
221089068/TimedMsg.frm
.vbs
221089068/TimedMsg.vbp
221089068/下载说明.htm
.html .js polyglot
221089068/串口编程-云台镜头控制系统/MSSCCPRJ.SCC
221089068/串口编程-云台镜头控制系统/Module1.bas
.vbs
221089068/串口编程-云台镜头控制系统/PushButton.cls
221089068/串口编程-云台镜头控制系统/WINIO.VXD
221089068/串口编程-云台镜头控制系统/WinIo.dll
.dll windows:4 windows x86 arch:x86

b9b2bee901bb36181f387e1e336faa1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
DeviceIoControl
GetEnvironmentVariableA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

advapi32

ControlService
CloseServiceHandle
OpenSCManagerA
CreateServiceA
StartServiceA
OpenServiceA
DeleteService

Exports

Exports

GetPhysLong
GetPortVal
InitializeWinIo
InstallWinIoDriver
MapPhysToLin
RemoveWinIoDriver
SetPhysLong
SetPortVal
ShutdownWinIo
UnmapPhysicalMemory

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
221089068/串口编程-云台镜头控制系统/WinIo.lib
221089068/串口编程-云台镜头控制系统/WinIo.sys
.sys windows:4 windows x86 arch:x86

172b54da983eaa27abf08d8ed525b840

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoCreateDevice
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
Ke386SetIoAccessMap
IoCreateSymbolicLink
IofCompleteRequest
Ke386IoSetAccessProcess
IoDeleteSymbolicLink
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
ZwUnmapViewOfSection
IoDeleteDevice
IoGetCurrentProcess

hal

HalTranslateBusAddress

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 544B - Virtual size: 536B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
221089068/串口编程-云台镜头控制系统/YuntaiConfig.ini
221089068/串口编程-云台镜头控制系统/clsFile.cls
.vbs
221089068/串口编程-云台镜头控制系统/clsSerialPort.cls
221089068/串口编程-云台镜头控制系统/frmCode.frm
221089068/串口编程-云台镜头控制系统/frmConfig.frm
.vbs
221089068/串口编程-云台镜头控制系统/frmConfig.frx
221089068/串口编程-云台镜头控制系统/image/Arrow_up.ico
221089068/串口编程-云台镜头控制系统/image/Thumbs.db
221089068/串口编程-云台镜头控制系统/image/down1.bmp
221089068/串口编程-云台镜头控制系统/image/down2.bmp
221089068/串口编程-云台镜头控制系统/image/left1.bmp
221089068/串口编程-云台镜头控制系统/image/left2.bmp
221089068/串口编程-云台镜头控制系统/image/leftdown1.bmp
221089068/串口编程-云台镜头控制系统/image/leftdown2.bmp
221089068/串口编程-云台镜头控制系统/image/leftup1.bmp
221089068/串口编程-云台镜头控制系统/image/leftup2.bmp
221089068/串口编程-云台镜头控制系统/image/right1.bmp
221089068/串口编程-云台镜头控制系统/image/right2.bmp
221089068/串口编程-云台镜头控制系统/image/rightdown1.bmp
221089068/串口编程-云台镜头控制系统/image/rightdown2.bmp
221089068/串口编程-云台镜头控制系统/image/rightup1.bmp
221089068/串口编程-云台镜头控制系统/image/rightup2.bmp
221089068/串口编程-云台镜头控制系统/image/start.bmp
221089068/串口编程-云台镜头控制系统/image/up1.bmp
221089068/串口编程-云台镜头控制系统/image/up2.bmp
221089068/串口编程-云台镜头控制系统/image/yuntai.bmp
221089068/串口编程-云台镜头控制系统/image/yuntairun.bmp
221089068/串口编程-云台镜头控制系统/image/片段.shs
221089068/串口编程-云台镜头控制系统/yuntai.exe
.exe windows:4 windows x86 arch:x86

03b650e5e2243158a0e831ab08317520

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
ord690
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
ord588
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
ord300
ord301
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord306
__vbaBoolVar
ord307
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaR4Str
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRecUniToAnsi
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
ord314
_adj_fprem
_adj_fdivr_m64
ord315
ord316
ord608
ord317
__vbaFPException
ord318
ord717
__vbaUbound
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord689
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI2
_CIatan
ord618
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
221089068/串口编程-云台镜头控制系统/yuntai.frm
.vbs
221089068/串口编程-云台镜头控制系统/yuntai.frx
221089068/串口编程-云台镜头控制系统/yuntai.vbp
221089068/串口编程-云台镜头控制系统/yuntai.vbw

Sharing

General

Malware Config

Signatures

Files

01fdf828df62d7d31d56d9fdd839ad70

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 844B

b9b2bee901bb36181f387e1e336faa1f

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 4KB - Virtual size: 3KB

172b54da983eaa27abf08d8ed525b840

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 32B - Virtual size: 4B

INIT Size: 544B - Virtual size: 536B

.reloc Size: 128B - Virtual size: 108B

03b650e5e2243158a0e831ab08317520

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 100KB - Virtual size: 96KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 844B

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 32B - Virtual size: 4B

INIT
Size: 544B - Virtual size: 536B

.reloc
Size: 128B - Virtual size: 108B

.text
Size: 100KB - Virtual size: 96KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 2KB