b85536d0059b762a281b0f00ef06dcdf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b85536d0059b762a281b0f00ef06dcdf_JaffaCakes118
Size

89KB
MD5

b85536d0059b762a281b0f00ef06dcdf
SHA1

50f51047c0386d8c8502e9410e892d1834a683b4
SHA256

eb624ac5cdb507dbf425a92d2fba5b6a367f048248db84a8136e91e6135ec083
SHA512

557b3c726817421989c2a18b6e782b72fb71be5dd4c1056d3f51c49b825155866d0b601c76461717febcad012fda0779873743c0d97897a6e07adafed0da149c
SSDEEP

1536:5/zHHHHH21Nly6aVq7llVzkWhqDAqcvsT1dFwA+odNdD5H0Y8o56jim9e7eU3:5/zHHHHHN6aU7l7ViAqckwA+odNLoemm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CD Deluxe.exe

Files

b85536d0059b762a281b0f00ef06dcdf_JaffaCakes118
.rar
CD About Form.frm
CD About Form.frx
CD Deluxe.exe
.exe windows:4 windows x86 arch:x86

f28d834be66d0a2ab5a6111a47e02d47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaBoolStr
__vbaExitProc
ord301
__vbaObjSet
ord595
__vbaOnError
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
ord520
__vbaStrFixstr
ord307
ord309
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaObjVar
ord561
DllFunctionCall
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CD Deluxe.vbp
CD Deluxe.vbw
CD Interface Form.frm
.vbs
CD Interface Form.frx
CD Main Module.bas
ReadMe First.txt
Registry Module.bas
.vbs
Skin Black.bmp
Skin Blue.bmp
Skin Gold.bmp
Skin Grey.bmp
Skin Red.bmp
quar.tt_
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

f28d834be66d0a2ab5a6111a47e02d47

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 336KB - Virtual size: 335KB

.data Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 336KB - Virtual size: 335KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 7KB - Virtual size: 6KB