a6ddbae2e6d7803c4bba684a753b89cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6ddbae2e6d7803c4bba684a753b89cd_JaffaCakes118
Size

1.9MB
MD5

a6ddbae2e6d7803c4bba684a753b89cd
SHA1

fe8881e5e5b697eb6ed46c75b7ed7588a8c2b5b8
SHA256

0e3c1aa20472ef1970ea4b9ff9aabb58505ef59ec171e9d40d5cf846bf8db21b
SHA512

28fd17185f8c488b6dd60418c2c0558954e95a01ef4bf325fdfec7a5ad8f44862c3f6e94f92c1f6c25b3f3ed3dd2fc5c802437097d2e6d1aa6e6c4a611cbad0f
SSDEEP

49152:kq+u6T+xy8zhFz/zV9RIcKuNgvS4Nxi3PGnyK8B:kFu6Talp/zV9OckHLifGnyKa

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/test2009.exe
unpack001/test2009.uzy

Files

a6ddbae2e6d7803c4bba684a753b89cd_JaffaCakes118
.rar
test2009.exe
.exe windows:1 windows x86 arch:x86

7c8abe14184660036988d6f66a50caea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

mpr

WNetGetUniversalNameA

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoUninitialize

comctl32

ImageList_SetIconSize

comdlg32

GetOpenFileNameA

Sections

pec1
Size: 169KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
test2009.uzy
.exe windows:4 windows x86 arch:x86

435414d4008d4fb6e0a2d01f92fc8c37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarDup
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url
注册.txt

Sharing

General

Malware Config

Signatures

Files

7c8abe14184660036988d6f66a50caea

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

version

gdi32

ole32

comctl32

comdlg32

Sections

pec1 Size: 169KB - Virtual size: 424KB

.rsrc Size: 10KB - Virtual size: 40KB

.rsrc Size: 1KB - Virtual size: 4KB

435414d4008d4fb6e0a2d01f92fc8c37

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 84KB - Virtual size: 82KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

pec1
Size: 169KB - Virtual size: 424KB

.rsrc
Size: 10KB - Virtual size: 40KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 82KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB