d7198d9549a5cb84de10418ed862efa6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d7198d9549a5cb84de10418ed862efa6_JaffaCakes118
Size

84KB
MD5

d7198d9549a5cb84de10418ed862efa6
SHA1

40b8d89546727f7f68726268f77a322b84e33f43
SHA256

58062988b66beb6d700a9e2474007749bc133583112f807585a57132aa9c60f5
SHA512

1617cd2b6856fe6a823575243836158283f7d91103f11ab5498a243e8f8e7072ea8d3a0340b492dd2bc428dd567205c60acc43acf8394d5e68bb0caf8fa6133f
SSDEEP

1536:22s0yYaanqDGQ88z67UgabS4MLVaR5RXnFEvwh5F3mlsFSlf5qAhn/+eThmiv/+B:2kpaa7luHjS1VS5RX2vrPl39L9min+lj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CoolButton.ocx

Files

d7198d9549a5cb84de10418ed862efa6_JaffaCakes118
.rar
CoolButton.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

43dc8858a08b1f627224a755f63d3c36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
ord690
__vbaStrI2
ord691
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
ord693
__vbaAryMove
__vbaFreeVar
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord517
_adj_fprem1
ord518
ord519
__vbaI2Abs
__vbaCopyBytes
ord629
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
ord593
__vbaForEachCollObj
__vbaI4Abs
ord301
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
ord599
ord520
__vbaBoolVar
ord307
__vbaFpR8
_CIsin
ord631
__vbaErase
ord632
__vbaNextEachCollObj
__vbaChkstk
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
ord310
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord312
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFailedFriend
ord608
__vbaFPException
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord689
ord104
ord610
ord105
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaFpI2
ord616
__vbaFpI4
_CIatan
__vbaUI1Str
__vbaStrMove
__vbaCastObj
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VFP/CBUTTON.PJT
VFP/CBUTTON.pjx
VFP/cbutton.SCT
VFP/cbutton.scx
VFP/下载说明.htm
.html .js polyglot
vb/Cbutton.vbp
vb/Cbutton.vbw
vb/Form1.frm
vb/Form1.frx
vb/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

43dc8858a08b1f627224a755f63d3c36

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 221KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 224KB - Virtual size: 221KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 12KB - Virtual size: 11KB