dc39b6113f6ea945a903d3347185fee6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc39b6113f6ea945a903d3347185fee6_JaffaCakes118
Size

187KB
MD5

dc39b6113f6ea945a903d3347185fee6
SHA1

8f677ee01f16756df7707f263aaeff6b87c065fa
SHA256

b93dd84620dc5830f3641b9ba5d962cd160e2750a92a6069868c87fe1ad9f1e3
SHA512

1c39a960bf4f3a401ab8f83c818be6df4cb717b7639274e3656e75897466ba5f25a1874127abff14a1539ecb32d5e17ef74a08b6cd175249cb42df1c55f7f042
SSDEEP

3072:oIKuHiPkUgZT0Tv5b+6cz+mR0MdNHgDM5pI5OG4Zh9WLgxki0dcdMT2YEaaX3NIk:QuHiPT7TA6cKmWMduDM5pSb27Wkxktdm

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Alphablending.dll
unpack001/MSIMG32.DLL
unpack001/VB程序太平洋.EXE

Files

dc39b6113f6ea945a903d3347185fee6_JaffaCakes118
.rar
Alphablending.dll
.dll windows:4 windows x86 arch:x86

06219d677d57af174304aefeae9a7fdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

AlphaBlend

kernel32

FreeEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
HeapFree
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcAddress
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
LoadLibraryA
FlushFileBuffers
CloseHandle
SetStdHandle

Exports

Exports

AlphaBlending

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSIMG32.DLL
.dll windows:5 windows x86 arch:x86

df200d7c307e1197fe4006aa4ab3803d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

_ftol
_except_handler3

ntdll

DbgPrint

kernel32

lstrlenA
GetStdHandle
WriteFile
LocalAlloc
LocalFree
InterlockedExchange
SetLastError
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleA

user32

WindowFromDC
GetClientRect
wvsprintfA

gdi32

DeleteObject
GetObjectA
SetDIBitsToDevice
CreateSolidBrush
GetObjectType
GetCurrentObject
SetViewportExtEx
SetWindowOrgEx
SetWindowExtEx
SetMapMode
GetClipBox
SetStretchBltMode
StretchBlt
StretchDIBits
CreateCompatibleBitmap
GetDIBits
PatBlt
SetDIBits
CreatePalette
GetNearestPaletteIndex
GetDeviceCaps
LPtoDP
CreateCompatibleDC
SetViewportOrgEx
DeleteDC
SelectObject
CreateDIBSection
BitBlt

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Module1.bas
VB程序太平洋.EXE
.exe windows:4 windows x86 arch:x86

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
frmSplash.frm
frmSplash.frx
prjSplash.vbp
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

06219d677d57af174304aefeae9a7fdb

Headers

File Characteristics

Imports

msimg32

kernel32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 15KB

.reloc Size: 1KB - Virtual size: 1KB

df200d7c307e1197fe4006aa4ab3803d

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 4KB - Virtual size: 764B

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 15KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 4KB - Virtual size: 764B

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB