bf6b033eb83c76117d0edb10fd5baef6_JaffaCakes118

General

Target

bf6b033eb83c76117d0edb10fd5baef6_JaffaCakes118
Size

176KB
MD5

bf6b033eb83c76117d0edb10fd5baef6
SHA1

03c1993399fb6c7a784cbe6239edd7e2256976c4
SHA256

eb52f011929aee572c5e6892cbd37ace79ed6b36d247a23f3ede7e2848170514
SHA512

58b3048a279bb6719bb4bded47c68c583c095ae32aab9e08dbc60001f916e84bacaae5065cbe995a20bc9bbb6d55f9cd2feaa351ce4cc69bc8c77abb72076a7a
SSDEEP

3072:/rJo0z0XQkxoU0i7Tif96whXuAOcVnhzhhKOEyBmdd10oaj8W17wS:/rJ/sQ0TR7m1zDO8VKOE11FW7

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xbqqyxdzplscq/SkinH_VB6.dll
unpack001/xbqqyxdzplscq/小白QQ邮箱地址批量生成器1.0.exe

Files

bf6b033eb83c76117d0edb10fd5baef6_JaffaCakes118
.rar
xbqqyxdzplscq/SkinH_VB6.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xbqqyxdzplscq/skin.she
xbqqyxdzplscq/小白QQ邮箱地址批量生成器1.0.exe
.exe windows:4 windows x86 arch:x86

8583d6a11e015c63339f15bdb2132574

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 228KB

.52PoJie Size: 96KB - Virtual size: 112KB

8583d6a11e015c63339f15bdb2132574

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 76KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 68KB - Virtual size: 64KB

.Hmily
Size: - Virtual size: 228KB

.52PoJie
Size: 96KB - Virtual size: 112KB

.text
Size: 76KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 68KB - Virtual size: 64KB