a20759ae48cde830d2ed41d88f63314a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a20759ae48cde830d2ed41d88f63314a_JaffaCakes118
Size

3.8MB
MD5

a20759ae48cde830d2ed41d88f63314a
SHA1

01f27b0ed80d3b779b79a58b5365abe28888376d
SHA256

97dbc1a3750997dda97f16a215c0559e23f701f1c4eea5e4d39b1cbca08b0df8
SHA512

c3ad97e5b327e445288346152bd8f33a8bcd0e5f32bf9d976e83ffbbd64d117fb4447338d1ec8ecc2eaa9a5e1bd9bc43f97c0ef2e0a6c565365ff01fce1b9829
SSDEEP

98304:ahf73nEIvid+g3uaY/cI0pdY/ZL0NSAQcLBvH7K:2Vk9Y/h0paBL0NJ3BjK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Guardio.exe

Files

a20759ae48cde830d2ed41d88f63314a_JaffaCakes118
.rar
Guardio.exe
.exe windows:4 windows x86 arch:x86

4684f495619d37c8b877e9ff7d150297

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pstorec

PStoreCreateInstance

shlwapi

StrFormatByteSizeW

kernel32

RtlMoveMemory
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW

ole32

CLSIDFromString
CoTaskMemFree

oleaut32

SysAllocString
OleTranslateColor
SystemTimeToVariantTime

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaR8FixI4
__vbaVarSub
__vbaVarTstGt
ord583
__vbaStrI2
__vbaVargParmRef
__vbaR8ForNextCheck
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaHresultCheck
__vbaVarVargNofree
ord694
__vbaCyMul
ord587
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
ord588
__vbaStrVarMove
__vbaLenBstr
ord696
__vbaVargObjAddref
ord697
__vbaVarIdiv
__vbaEnd
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
__vbaFpCDblR8
__vbaAryRecMove
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaNextEachVar
ord621
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaVarSetVarAddref
__vbaCVarAryUdt
ord519
__vbaI4Sgn
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
__vbaError
ord552
__vbaBoolErrVar
__vbaVarTextTstEq
ord660
__vbaLsetFixstr
ord553
__vbaStrDate
ord661
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
ord662
__vbaHresultCheckObj
ord556
ord557
__vbaVargVarCopy
ord558
ord665
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord667
Zombie_GetTypeInfo
__vbaVarXor
__vbaVarCmpGe
__vbaAryDestruct
ord669
ord591
__vbaLateMemSt
EVENT_SINK2_Release
ord592
__vbaVarPow
__vbaBoolStr
__vbaStrBool
ord593
__vbaExitProc
__vbaForEachCollObj
ord300
__vbaI4Abs
ord594
ord301
__vbaCyAdd
ord595
__vbaStrLike
__vbaOnError
__vbaObjSet
ord302
__vbaVargObj
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
__vbaVarIndexLoad
ord305
__vbaFpR4
ord306
ord705
__vbaBoolVar
__vbaStrFixstr
ord520
ord307
ord706
ord308
__vbaStrTextCmp
__vbaFPFix
ord309
__vbaVargVar
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord709
__vbaErase
ord631
__vbaLateMemStAd
__vbaVargVarMove
__vbaVarCmpGt
__vbaVarZero
ord632
ord525
__vbaNextEachCollObj
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
__vbaGenerateBoundsError
__vbaCyI2
__vbaExitEachColl
__vbaGet3
ord529
__vbaStrCmp
__vbaGet4
__vbaAryConstruct2
__vbaPutOwner3
__vbaVarTstEq
__vbaCyI4
__vbaDateR8
__vbaPrintObj
__vbaVarLikeVar
__vbaObjVar
ord561
__vbaI2I4
ord562
DllFunctionCall
ord670
__vbaVarOr
__vbaVarLateMemSt
ord563
__vbaFpUI1
ord564
__vbaCySub
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
ord568
ord569
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaCyUI1
__vbaR8Cy
__vbaStrR8
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaVarSetUnk
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
ord310
__vbaRedimVar
__vbaLateIdCallSt
__vbaObjIs
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
ord710
__vbaFpCmpCy
__vbaStrUI1
__vbaStr2Vec
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord312
ord711
ord313
ord605
__vbaPrintFile
ord712
__vbaStrToUnicode
ord314
__vbaR4ErrVar
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
ord315
__vbaVarDiv
__vbaR8ErrVar
ord714
__vbaLateIdStAd
ord607
__vbaFailedFriend
ord316
ord715
ord530
ord608
ord317
__vbaVargVarRef
__vbaVarCmpLe
ord531
__vbaFPException
ord318
ord717
ord532
__vbaInStrVar
ord319
ord533
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
__vbaCheckType
ord535
__vbaDateVar
__vbaLsetFixstrFree
ord536
__vbaI2Var
__vbaStopExe
__vbaFileSeek
ord537
ord644
ord645
ord538
_CIlog
ord646
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaR8Str
ord570
ord648
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaCyMulI2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
ord577
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarLateMemStAd
__vbaVarCmpEq
__vbaForEachAry
__vbaFpCy
ord610
__vbaInStrB
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
ord614
__vbaFpI2
__vbaCheckTypeVar
__vbaUnkVar
__vbaVarTstGe
__vbaVarCopy
__vbaFpI4
__vbaVarLateMemCallLd
ord616
__vbaR8IntI2
__vbaRecDestructAnsi
__vbaVarSetObjAddref
ord617
__vbaLateMemCallLd
_CIatan
__vbaI2ErrVar
__vbaUI1Str
ord618
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaForEachVar
__vbaI4Cy
__vbaR8IntI4
ord619
__vbaStrVarCopy
ord542
__vbaLateIdNamedCall
ord650
ord543
_allmul
__vbaFpCSngR4
__vbaLateIdSt
ord544
__vbaAryRecCopy
__vbaLateMemCallSt
ord545
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaUI1Var
ord547
__vbaAryUnlock
_CIexp
__vbaStrCy
__vbaMidStmtBstr
__vbaR8FixI2
__vbaI4ErrVar
__vbaRecAssign
ord580
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProcessDB.dat
Wry.dat
全能优化用户手册.chm
.chm
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

4684f495619d37c8b877e9ff7d150297

Headers

File Characteristics

Imports

pstorec

shlwapi

kernel32

ole32

oleaut32

msvbvm60

Sections

.text Size: 7.4MB - Virtual size: 7.4MB

.data Size: 4KB - Virtual size: 291KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 7.4MB - Virtual size: 7.4MB

.data
Size: 4KB - Virtual size: 291KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB