dcb89f619def9c5f7ada94ea6532fcb2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dcb89f619def9c5f7ada94ea6532fcb2_JaffaCakes118
Size

67KB
MD5

dcb89f619def9c5f7ada94ea6532fcb2
SHA1

b62f4299521f17862091897d277f6e23e1e8fd1a
SHA256

918215b358e6dc5f8b58e8aa0dd9bef1b27e11afc711eda5caaa1989202d5af7
SHA512

2a8d4f04226101f47cdf7d1d6ffdf2638bfb57ca7ad2c525a69d992dcad6f3f627fff4982dbc625bae6e48ff5a101682f46e1e4020f59432ceb5d607fe1c0e5b
SSDEEP

1536:QDGIJRJ16kTSWeo5mncNd/K6n9HzPSq6blVZKyXU/w6U:QzSm5UcNd/Dn9H7Sq2U2

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQShel/tuziQQ.exe
unpack001/tuziQQ.exe

Files

dcb89f619def9c5f7ada94ea6532fcb2_JaffaCakes118
.rar
Form1.frm
.vbs
Form1.frx
Form2.frm
Module1.bas
.vbs
Module2.bas
.vbs
Module3.bas
QQ.ico
QQShel/Form1.frm
.vbs
QQShel/Form1.frx
QQShel/Form2.frm
QQShel/MSSCCPRJ.SCC
QQShel/Module1.bas
.vbs
QQShel/Module2.bas
.vbs
QQShel/Module3.bas
QQShel/QQ.ico
QQShel/chameleonButton.ctl
.vbs
QQShel/chameleonButton.ctx
QQShel/tuziQQ.exe
.exe windows:4 windows x86 arch:x86

eb8bbb0434ea0685903e7b4a7d161ca2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord588
__vbaVarIdiv
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord599
__vbaBoolVar
__vbaRefVarAry
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaVargVarMove
__vbaVarCmpGt
__vbaVarZero
ord632
__vbaChkstk
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarMod
ord616
__vbaVarCopy
__vbaVarTstGe
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord619
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQShel/下载说明.htm
.html .js polyglot
QQShel/兔子QQ防盗登录器美化版.vbp
QQShel/兔子QQ防盗登录器美化版.vbw
QQShel/关于.txt
QQShel/新云软件.url
.url
QQShel/窗口.bas
.vbs
chameleonButton.ctl
.vbs
chameleonButton.ctx
tuziQQ.exe
.exe windows:4 windows x86 arch:x86

eb8bbb0434ea0685903e7b4a7d161ca2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord588
__vbaVarIdiv
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord599
__vbaBoolVar
__vbaRefVarAry
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaVargVarMove
__vbaVarCmpGt
__vbaVarZero
ord632
__vbaChkstk
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarMod
ord616
__vbaVarCopy
__vbaVarTstGe
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord619
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
兔子QQ防盗登录器美化版.vbp
兔子QQ防盗登录器美化版.vbw
关于.txt
新云软件.url
.url
窗口.bas
.vbs

Sharing

General

Malware Config

Signatures

Files

eb8bbb0434ea0685903e7b4a7d161ca2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 148KB - Virtual size: 145KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 20KB

eb8bbb0434ea0685903e7b4a7d161ca2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 148KB - Virtual size: 145KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 148KB - Virtual size: 145KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 20KB

.text
Size: 148KB - Virtual size: 145KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 20KB