a3a8a492274b8741a09f32e6734b7241_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3a8a492274b8741a09f32e6734b7241_JaffaCakes118
Size

4.3MB
MD5

a3a8a492274b8741a09f32e6734b7241
SHA1

81002850883128c6997289e7ecda48b5e9ddcfe0
SHA256

ceffb291f7a1a0a47a0c7a48806bc15bd33f282a305603251105a1e6c6ecddc3
SHA512

01e3719d3e53a2ce736ad9c6808da7ccb6f0291e7c2284ad6b9509c0de56321300270d503ce2f29ed348b96e59e54228d3cb9ef7de4441fbbf0a7f8ee735cead
SSDEEP

98304:n2oAIpqghlnSS9bwJII9f0z+j8wjB6okYKSGH4zU5ntrZHazgQWEILqYNj9D:2uPf4fZYQBsSyDZNTqYNl

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9110927405/Command.oca
unpack001/9110927405/Command.ocx
unpack001/9110927405/List.exe
unpack001/9110927405/XPButton.oca
unpack001/9110927405/XPButton.ocx
unpack001/9110927405/colbotton.oca
unpack001/9110927405/colbotton.ocx

Files

a3a8a492274b8741a09f32e6734b7241_JaffaCakes118
.rar
9110927405/1.JPG
.jpg
9110927405/1.bmp
9110927405/111.bmp
9110927405/111.jpg
.jpg
9110927405/2.bmp
9110927405/3.bmp
9110927405/4.bmp
9110927405/9.JPG
.jpg
9110927405/AboutForm.frm
9110927405/Block OS HangOn Audio CD.ico
9110927405/Block OS HangOn Bitmap Image.ico
9110927405/Block OS HangOn Default Document.ico
9110927405/Block OS HangOn Default Icon.ico
9110927405/Block OS HangOn Dial-Up Networking.ico
9110927405/Block OS HangOn Documents.ico
9110927405/Block OS HangOn Find.ico
9110927405/Block OS HangOn Fonts.ico
9110927405/Block OS HangOn Internet Document.ico
9110927405/Block OS HangOn Network Neighborhood.ico
9110927405/Block OS HangOn Rich Text Format.ico
9110927405/Block OS HangOn Run.ico
9110927405/Block OS HangOn Run_p1.bmp
9110927405/Block OS HangOn Run_p2.bmp
9110927405/Block OS HangOn Settings.ico
9110927405/Block OS HangOn Shut Down.ico
9110927405/Book28.ICO
9110927405/CANCEL.ICO
9110927405/Command.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9110927405/Command.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
__vbaFpI4
ord616
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9110927405/FULL.ICO
9110927405/Floppy Drive.ico
9110927405/FrmDemo.frm
.vbs
9110927405/FrmDemo.frx
9110927405/FrmDemo.log
9110927405/FrmIN.frm
.vbs
9110927405/FrmIN.frx
9110927405/FrmIN.log
9110927405/FrmLogin.frm
.vbs
9110927405/FrmLogin.frx
9110927405/FrmLogin.log
9110927405/Frmland.frm
.vbs
9110927405/Frmland.frx
9110927405/Frmland.log
9110927405/INCAreaModifier.cls
9110927405/List.PDM
9110927405/List.exe
.exe windows:4 windows x86 arch:x86

9d912c69810918bc857066d438f748ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord588
ord589
MethCallEngine
EVENT_SINK_Invoke
ord516
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord301
ord595
ord304
ord598
ord520
ord307
ord631
ord632
EVENT_SINK_AddRef
ord527
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord310
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
ord606
ord609
ord716
ord717
ord319
ProcCallEngine
ord644
ord537
ord645
ord573
EVENT_SINK2_AddRef
ord576
ord685
ord100
ord611
ord320
ord321
ord616
ord617
ord618
ord650
ord581

Sections

.text
Size: 728KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9110927405/List.vbp
9110927405/List.vbw
9110927405/MAIL.ICO
9110927405/MAIL_p2.bmp
9110927405/MDWarehouse.bas
9110927405/MOTOLO~1.ICO
9110927405/MSSCCPRJ.SCC
9110927405/Mainform.frm
.vbs
9110927405/Media Player2.ico
9110927405/ScoreForm.frm
9110927405/SetCode.frm
.vbs
9110927405/SetCode.frx
9110927405/SetCode.log
9110927405/TIMER.frm
9110927405/TIMER.frx
9110927405/TURN OF.ico
9110927405/TURN OF1.ico
9110927405/Win2000_p07.bmp
9110927405/Win2000_p14.bmp
9110927405/Win2000_p21.bmp
9110927405/Win2000_p67.bmp
9110927405/Word.ico
9110927405/Word_p2.bmp
9110927405/XPButton.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9110927405/XPButton.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

61a443de579afe8cad64c9ea5654b7ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaFreeVar
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVar
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaPrintObj
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9110927405/Yttrium Icon 3.ico
9110927405/cMemDC.cls
.vbs
9110927405/cMenuBar.cls
.vbs
9110927405/cNCCalcSize.cls
.vbs
9110927405/cNeoCaption.cls
.vbs
9110927405/cToolbarMenu.cls
.vbs
9110927405/colbotton.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9110927405/colbotton.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

5037c68cd5ec4aa0429982092dc114ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarVargNofree
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
ord717
__vbaStrVarVal
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarSetObjAddref
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9110927405/harrow.cur
9110927405/hmove.cur
9110927405/iPack v2 Icon 05.ico
9110927405/iPack v2 Icon 05_p1.bmp
9110927405/iPack v2 Icon 05_p2.bmp
9110927405/iPack v2 Icon 13.ico
9110927405/iPack v2 Icon 14.ico
9110927405/iPack v2 Icon 34.ico
9110927405/iPack v2 Icon 57.ico
9110927405/iPack v2 Icon 59.ico
9110927405/isubclass.cls
.vbs
9110927405/mDeclares.bas
.vbs
9110927405/skin_default.gif
9110927405/subclass.bas
.vbs
9110927405/subclass.cls
9110927405/timer.bas
.vbs
9110927405/timer.cls
.vbs
9110927405/下载说明.htm
.html .js polyglot
9110927405/地球.gif
.gif
9110927405/天使.GIF
.gif
9110927405/未.jpg
.jpg
9110927405/未标题-1.psd
9110927405/材料目录.mdb
9110927405/蝴蝶.gif
.gif
9110927405/鼠标跟随：飞翔之星.swf

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 25KB - Virtual size: 28KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 7KB

9d912c69810918bc857066d438f748ce

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 728KB - Virtual size: 726KB

.data Size: - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 14KB - Virtual size: 16KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

61a443de579afe8cad64c9ea5654b7ed

Headers

File Characteristics

Imports

msvbvm50

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 21KB - Virtual size: 24KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

5037c68cd5ec4aa0429982092dc114ec

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 25KB - Virtual size: 28KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 116KB - Virtual size: 113KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 728KB - Virtual size: 726KB

.data
Size: - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 14KB - Virtual size: 16KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 19KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 21KB - Virtual size: 24KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 5KB