ebbab951870be81dd159de7ec78c6593_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebbab951870be81dd159de7ec78c6593_JaffaCakes118
Size

12KB
MD5

ebbab951870be81dd159de7ec78c6593
SHA1

4163161f885d07f191e98c23cd8c5c7be06dfa62
SHA256

91c434d215922c6a8d045ee64c07c00edeff99e97e484d940642503b9df2aba9
SHA512

2f49a54deb5ba92ddeca0e30e7691c883238fe889d65d376e0ca66d1162cfb0b327c6cb0635f6ca12a4043bf0b2a9b05b1387e4e1bb7202ea486a179728850d6
SSDEEP

192:JyQ9a4+m5LB7duxeE9iCpfmva+v2tIN5IyP3ial5AfGa+Kq1ps6sHDATL4jG5zgD:R+xe1imvO25IGnlyO/KGsvAHGG5zgD

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sharon/VB/Planet/Run/RUN.exe
unpack001/VB程序太平洋.EXE

Files

ebbab951870be81dd159de7ec78c6593_JaffaCakes118
.rar
Sharon/VB/Planet/Run/Form1.frm
Sharon/VB/Planet/Run/Module1.bas
.vbs
Sharon/VB/Planet/Run/RUN.exe
.exe windows:4 windows x86 arch:x86

6458e4872369fbd74996148a18e7e28f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord709
__vbaChkstk
EVENT_SINK_AddRef
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaStrToAnsi
__vbaVarDup
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Sharon/VB/Planet/Run/Run.vbp
Sharon/VB/Planet/Run/Run.vbw
VB程序太平洋.EXE
.exe windows:4 windows x86 arch:x86

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

6458e4872369fbd74996148a18e7e28f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

d2649867cedca90066a116140657c3c4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB