f00a52f9dad39cd4c260a66aeca78521_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f00a52f9dad39cd4c260a66aeca78521_JaffaCakes118
Size

1.2MB
MD5

f00a52f9dad39cd4c260a66aeca78521
SHA1

a042d6542412dae705a624bd11660cbbb118092c
SHA256

1d44dba88e66a330d558ae3efca00e3c6169e2a83e53a69ba7ee9eda453ab8eb
SHA512

1bc66728263368ac3df04e190f87f06509aa3b56f370690758b7c72d06f742829dbe96548f65503f93fb23eb9e8fa68cc4bfa9dd6c505aecc543cac055370053
SSDEEP

12288:B7jjXIRACexGKB+eZZVmSueh71faArm0Bbq7dCbSCJG/62d7TiTvlVvVfS2GWCWp:B7jjXIaDBlZ+eriyGZ36tVvqWgko6Dv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/黄昱关机控制系统V4.5.exe

Files

f00a52f9dad39cd4c260a66aeca78521_JaffaCakes118
.rar
新云软件.url
.url
黄昱关机控制系统V4.5.exe
.exe windows:4 windows x86 arch:x86

03088e78ce1d223121be3f1137680bac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord660
ord553
ord595
ord520
EVENT_SINK_AddRef
ord529
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord716
ord645
ord100
ord610
ord612
ord542
ord543
ord544
ord545
ord546
ord547

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ