dbe06bf89721021df45ff19beb12f201_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dbe06bf89721021df45ff19beb12f201_JaffaCakes118
Size

1.6MB
MD5

dbe06bf89721021df45ff19beb12f201
SHA1

55980a39c660830acf915d666cf1b23241e252bb
SHA256

82ecac4dd0aa780b33a45811b3b24de3bc0fce07210aee7bb23b8f3ee3cbe6d5
SHA512

542d8712cff931f0da12a42107155048c06c593b674cf4eea57519e874d55391233effe6cd734eee871f4ab1614c755ceddf779d2c8e938fe41e8856be94cb0f
SSDEEP

49152:/53tUELR3DNVMVm89+OfoPbBdVWYwlHDcoNn:R36E1TN2OOwT1CdcoNn

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/50710175/教务信息管理系统.EXE
unpack002/Ϣϵͳ.exe

Files

dbe06bf89721021df45ff19beb12f201_JaffaCakes118
.rar
50710175/1.SWT
50710175/ABOUTBOX.FRM
.vbs
50710175/ABOUTBOX.FRX
50710175/ABOUTBOX.LOG
50710175/BROWER.FRM
.vbs
50710175/BROWER.FRX
50710175/CHECK.BAS
.vbs
50710175/DATABASE/MARK.MDB
50710175/DATABASE/OLDSTUDENT.MDB
50710175/DATABASE/STUDENT.MDB
50710175/EMPTYDATABASE/STUDENT.MDB
50710175/FOJKD.FRM
50710175/FOJKD.FRX
50710175/FORTIEJ.FRM
.vbs
50710175/FORTIEJ.FRX
50710175/FORTIEJ2.FRM
50710175/FORTIEJ2.FRX
50710175/FRMADD.FRM
50710175/FRMADD.FRX
50710175/FRMALARM.FRM
50710175/FRMALARM.FRX
50710175/FRMBASEINPUT.FRM
.vbs
50710175/FRMBASEINPUT.FRX
50710175/FRMBASEINPUT.LOG
50710175/FRMBASEINPUTNEW.FRM
.vbs
50710175/FRMBASEINPUTNEW.FRX
50710175/FRMBROWSER.FRM
.vbs
50710175/FRMBROWSER.FRX
50710175/FRMCHECKREPEAT.FRM
.vbs
50710175/FRMCHOICE.FRM
50710175/FRMCHOICE.FRX
50710175/FRMCHONGDU.FRM
.vbs
50710175/FRMCHONGDU.FRX
50710175/FRMCONGDU.FRM
.vbs
50710175/FRMCONGDU.FRX
50710175/FRMCOUNTMAIN.FRM
.vbs
50710175/FRMCOUNTMAIN.FRX
50710175/FRMCOUNTMAIN.LOG
50710175/FRMDANG.FRM
.vbs
50710175/FRMDANG.FRX
50710175/FRMDATABASE.FRM
.vbs
50710175/FRMDATABASE.FRX
50710175/FRMDATAGRID.FRM
.vbs
50710175/FRMDATAGRID.FRX
50710175/FRMDEFINE.FRM
.vbs
50710175/FRMDEFINE.FRX
50710175/FRMDEMO.FRM
.vbs
50710175/FRMDEMO.FRX
50710175/FRMDINW.FRM
50710175/FRMDINW.FRX
50710175/FRMDINW.LOG
50710175/FRMDISPPHOTO.FRM
50710175/FRMDISPPHOTO.FRX
50710175/FRMDW.FRM
.vbs
50710175/FRMDW.FRX
50710175/FRMDW.LOG
50710175/FRMDYCX.FRM
.vbs
50710175/FRMDYCX.FRX
50710175/FRMFLASH.FRM
50710175/FRMFLASH.FRX
50710175/FRMFLASH.LOG
50710175/FRMFORDJTZB.FRM
.vbs
50710175/FRMFORDJTZB.FRX
50710175/FRMFORSHSJB.FRM
.vbs
50710175/FRMFORSHSJB.FRX
50710175/FRMGRID.FRM
.vbs
50710175/FRMGRID.FRX
50710175/FRMGRIDMODIFY.FRM
.vbs
50710175/FRMGRIDMODIFY.FRX
50710175/FRMGRIDPARTY.FRM
.vbs
50710175/FRMGRIDPARTY.FRX
50710175/FRMHELP.FRM
50710175/FRMHELP.FRX
50710175/FRMHELP.LOG
50710175/FRMINPUTDATA.FRM
50710175/FRMINPUTDATA.FRX
50710175/FRMJIANG.FRM
50710175/FRMJIANG.FRX
50710175/FRMJTQKBMDI.FRM
50710175/FRMJTQKBMDI.FRX
50710175/FRMKB_XZ.FRM
50710175/FRMKB_XZ.FRX
50710175/FRMKCDW.FRM
50710175/FRMKCDW.FRX
50710175/FRMLISTFIE.FRM
50710175/FRMLISTFIE.FRX
50710175/FRMLOGIN.FRM
.vbs
50710175/FRMMAIN3.FRM
.vbs
50710175/FRMMAIN3.FRX
50710175/FRMMAIN3.LOG
50710175/FRMMAIN4.FRM
.vbs
50710175/FRMMAIN4.FRX
50710175/FRMMARK.FRM
.vbs
50710175/FRMMARK.FRX
50710175/FRMMARK.LOG
50710175/FRMMARKEXIT.FRM
50710175/FRMMARKEXIT.FRX
50710175/FRMMARKIN.FRM
50710175/FRMMARKIN.FRX
50710175/FRMMARKLIST.FRM
.vbs
50710175/FRMMARKLIST.FRX
50710175/FRMMARKLIST.LOG
50710175/FRMMDIREPORTS.FRM
50710175/FRMMDIREPORTS.FRX
50710175/FRMPARTYINPUT.FRM
.vbs
50710175/FRMPARTYINPUT.FRX
50710175/FRMPARTYLIST.FRM
.vbs
50710175/FRMPARTYLIST.FRX
50710175/FRMPARTYPRINT.FRM
50710175/FRMPARTYPRINT.FRX
50710175/FRMPASS.FRM
50710175/FRMPASS.FRX
50710175/FRMPATH.FRM
50710175/FRMPATH.FRX
50710175/FRMPRINT.FRM
.vbs
50710175/FRMPRINT.FRX
50710175/FRMQUERYCOUNT.FRM
.vbs
50710175/FRMQUERYCOUNT.FRX
50710175/FRMQUERYMAIN.FRM
.vbs
50710175/FRMQUERYMAIN.FRX
50710175/FRMQUERYMAIN2.FRM
.vbs
50710175/FRMQUERYMAIN2.FRX
50710175/FRMQUERYMAIN2.LOG
50710175/FRMQUERYPARTY.FRM
.vbs
50710175/FRMQUERYPARTY.FRX
50710175/FRMQUERYROOM.FRM
.vbs
50710175/FRMQUERYROOM.FRX
50710175/FRMQUERYS.FRM
.vbs
50710175/FRMQUERYS.FRX
50710175/FRMROOMINPUT.FRM
.vbs
50710175/FRMROOMINPUT.FRX
50710175/FRMROOMINPUT2.FRM
.vbs
50710175/FRMROOMINPUT2.FRX
50710175/FRMROOMMODIFY.FRM
.vbs
50710175/FRMROOMMODIFY.FRX
50710175/FRMSETUP.FRM
50710175/FRMSETUP.FRX
50710175/FRMSQLMARK.FRM
50710175/FRMSQLMARK.FRX
50710175/FRMSQLMARK.LOG
50710175/FRMSSHREPORT.FRM
50710175/FRMSYSTEMNEWUSER.FRM
.vbs
50710175/FRMSYSTEMNEWUSER.FRX
50710175/FRMSYSTEMNEWUSER.LOG
50710175/FRMSYSTEMUSERMODIFY.FRM
.vbs
50710175/FRMSYSTEMUSERMODIFY.FRX
50710175/FRMSYSTEMUSERMODIFY.LOG
50710175/FRMUSER.FRM
.vbs
50710175/FRMUSER.FRX
50710175/FRMUSER.LOG
50710175/FRMXUEH.FRM
.vbs
50710175/FRMXUEH.FRX
50710175/FRMXUEH.LOG
50710175/FRMXXKC.FRM
.vbs
50710175/FRMXXKC.FRX
50710175/FRMYD.FRM
50710175/FRMYD.FRX
50710175/FRMZDKTWO.FRM
.vbs
50710175/FRMZDKTWO.FRX
50710175/HELP/ADDDATA.TXT
50710175/HELP/BASECOUNT.TXT
50710175/HELP/BASEIN.TXT
50710175/HELP/BROW.INI
50710175/HELP/BYFP.TXT
50710175/HELP/CXXX.TXT
50710175/HELP/DJCL.TXT
50710175/HELP/DJCX.TXT
50710175/HELP/DJTJ.TXT
50710175/HELP/DJXG.TXT
50710175/HELP/DOC1.DOC
.doc windows office2003
50710175/HELP/JBTJ.TXT
50710175/HELP/JCQZDB.TXT
50710175/HELP/PARTYIN.TXT
50710175/HELP/PARTYLIST.TXT
50710175/HELP/PARTYMODIFY.TXT
50710175/HELP/PARTYQUERY.TXT
50710175/HELP/REPAIR.TXT
50710175/HELP/SHSJB.TXT
50710175/HELP/SHUSE.TXT
50710175/HELP/STUDENT.HLP
50710175/HELP/党建材料.TXT
50710175/HELP/党建输入.TXT
50710175/HELP/查询信息使用说明.TXT
50710175/MODDYCX.BAS
50710175/MODFORMDI.BAS
50710175/MODFORPARTY.BAS
50710175/MODFORROOM.BAS
50710175/MODMNUCTR.BAS
50710175/MODULE1.BAS
50710175/PHOTO/P6601001.JPG
.jpg
50710175/PHOTO/P6601002.JPG
.jpg
50710175/PHOTO/P6601003.JPG
.jpg
50710175/PHOTO/P6601004.JPG
.jpg
50710175/PHOTO/P6601005.JPG
.jpg
50710175/PHOTO/P6601006.JPG
.jpg
50710175/PICTURE/CLOUD.JPG
.jpg
50710175/PRINT/PARTY.RPT
50710175/PRINT/ROOM.RPT
50710175/PRINT/STUDENTMDI.RPT
50710175/PRINTDOC/B1/MARKLOOK.XLS
.xls windows office2003
50710175/PRINTDOC/B1/不及格报警统计.XLS
.xls windows office2003
50710175/PRINTDOC/B1/个人不及格情况统计.XLS
.xls windows office2003
50710175/PRINTDOC/B1/个人成绩大表.XLS
.xls windows office2003
50710175/PRINTDOC/B1/个人简历.XLS
.xls windows office2003
50710175/PRINTDOC/B1/成绩通知单.XLS
.xls windows office2003
50710175/PRINTDOC/B1/班级花名册.XLS
.xls windows office2003
50710175/PRINTDOC/B1/班级补考情况一览.XLS
.xls windows office2003
50710175/PRINTDOC/B1/第二学位课程成绩统计.XLS
.xls windows office2003
50710175/PRINTDOC/B1/详细个人成绩大表.XLS
.xls windows office2003
50710175/PRINTDOC/B1/详细个人成绩大表NEW.XLS
.xls windows office2003
50710175/PRINTDOC/B1/课程成绩.XLS
.xls windows office2003
50710175/PRINTDOC/B1/选修课成绩统计.XLS
.xls windows office2003
50710175/PRINTDOC/B1/重读生信息.XLS
.xls windows office2003
50710175/PRINTDOC/个人不及格情况统计.XLS
.xls windows office2003
50710175/PRINTDOC/个人成绩大表.XLS
.xls windows office2003
50710175/PRINTDOC/个人简历.XLS
.xls windows office2003
50710175/PRINTDOC/班级花名册.XLS
.xls windows office2003
50710175/PRINTDOC/班级课程成绩.XLS
.xls windows office2003
50710175/PRINTDOC/课程成绩.XLS
.xls windows office2003
50710175/SETUPWIZ/学生信息管理.EXE
50710175/SYSTEM/NOTE1.TXT
50710175/SYSTEM/PIC.TXT
50710175/SYSTEM/WINPATH.TXT
50710175/SYSTEM/一般工作人员.TXT
50710175/SYSTEM/系统管理员.TXT
50710175/TEMPPRINT/个人不及格情况统计.XLS
.xls windows office2003
50710175/TEMPPRINT/个人成绩大表.XLS
.xls windows office2003
50710175/TEMPPRINT/个人简历.XLS
.xls windows office2003
50710175/TEMPPRINT/班级花名册.XLS
.xls windows office2003
50710175/TEMPPRINT/班级补考情况一览.XLS
.xls windows office2003
50710175/TEMPPRINT/考试成绩一览.XLS
.xls windows office2003
50710175/TEMPPRINT/课程考试成绩.XLS
.xls windows office2003
50710175/下载说明.htm
.html .js polyglot
50710175/学生信息.VBW
50710175/学生信息管理.VBW
50710175/学生信息管理系统.VBW
50710175/教务信息管理系统.EXE
.exe windows:4 windows x86 arch:x86

3c8f05325bdefe221ee0d5c9e6aff741

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

MethCallEngine
ord625
ord557
ord595
ord596
ord598
ord305
ord520
ord524
EVENT_SINK_AddRef
ord529
ord560
DllFunctionCall
EVENT_SINK_Release
ord600
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
ord534
ProcCallEngine
ord681
ord576
ord577
ord685
ord100
ord610
ord613
ord617
ord619
ord581

Sections

.text
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
50710175/教务信息管理系统.ZIP
.zip
Ϣϵͳ.exe
.exe windows:4 windows x86 arch:x86

d7ae20d7aeb04422344809eee21b27d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
ord625
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaWriteFile
__vbaHresultCheckObj
ord557
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaVarForInit
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
ord520
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord524
__vbaVargVarMove
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
ord560
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaCastObjVar
__vbaAryConstruct
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
__vbaLateIdCallSt
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord313
__vbaInputFile
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaVarCmpLe
__vbaFPException
__vbaStrVarVal
ord534
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
ord577
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
ord613
__vbaFpI2
__vbaVarCopy
__vbaVarTstGe
__vbaVarSetObjAddref
ord617
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
__vbaLateMemCallSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
50710175/教务管理.VBW
50710175/教务管理系统.VBP
50710175/教务管理系统.VBW
50710175/考试成绩一览.XLS
.xls windows office2003

Sharing

General

Malware Config

Signatures

Files

3c8f05325bdefe221ee0d5c9e6aff741

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 732KB - Virtual size: 731KB

.data Size: - Virtual size: 56KB

.idata Size: 512B - Virtual size: 456B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 22KB

d7ae20d7aeb04422344809eee21b27d2

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 512B - Virtual size: 56KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 84KB - Virtual size: 84KB

.text
Size: 732KB - Virtual size: 731KB

.data
Size: - Virtual size: 56KB

.idata
Size: 512B - Virtual size: 456B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 512B - Virtual size: 56KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 84KB - Virtual size: 84KB