fb7aff82b3a5ad510d4c268f907c1125_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb7aff82b3a5ad510d4c268f907c1125_JaffaCakes118
Size

63KB
MD5

fb7aff82b3a5ad510d4c268f907c1125
SHA1

172f6c5779d915e993fd2dc8f4bef0f447451eba
SHA256

7fbd0ddc60e6b61b1259257c9f807ca53ba8f7461bc1a459c1c761008cecb096
SHA512

e045f0ab862d9ae6cdc33f3d1b4b90a109e371adaa485ed78e21a6e8be42a2f0752ce39c1c1aa7bf4a1f4914ff304b80fc9547a765858f2988d2ff3f5915f4e5
SSDEEP

1536:X9j5W28uyfAV4kKJ7ojjNViS8hqdKxCwf3pWB4Xz6AHUUAc:X/W/zFky7GkqIxC0pWB4D6APAc

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Command.ocx
unpack001/乞丐网马V4.22（4项组合）.exe

Files

fb7aff82b3a5ad510d4c268f907c1125_JaffaCakes118
.rar
##请注意##.txt
77169.org使用帮助说明.txt
77169.org软件说明.htm
.html
Command.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
__vbaFpI4
ord616
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
乞丐网马V4.22（4项组合）.exe
.exe .js windows:4 windows x86 arch:x86 polyglot

b4a14e16e9f70d4073341cecfa986bda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaWriteFile
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
华夏新科技IDC司服务.url
华夏新科技安全维护.url
华夏黑客同盟.url
华夏黑客同盟教学培训中心.url

Sharing

General

Malware Config

Signatures

Files

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 7KB

b4a14e16e9f70d4073341cecfa986bda

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 64KB - Virtual size: 62KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 113KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 64KB - Virtual size: 62KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB