545f73871580a575ca6201bac78726c9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

545f73871580a575ca6201bac78726c9_JaffaCakes118
Size

1.3MB
MD5

545f73871580a575ca6201bac78726c9
SHA1

206df5ad1254793a2a88e09d9f27d78e69a377e1
SHA256

4028082d4ece481be9b491312114d2b647c5563431a6b013b5d442f13301c5d0
SHA512

75d87c9e71064c3e367df4a488efe73b530ab807a767ba62799d7379efb39283e6768f08606cfa1ca3573d27459061adbdca8aa62434801365c1584563c29629
SSDEEP

24576:6mgj36W0wYnb9bCLpQbbdMtsont0BIIue5/qbasJNKLhoh5MFtWJXIQXSz:BqVCsLpQ3ZeRA5cJELCXjm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ农场守望者6.9/6.9.exe

Files

545f73871580a575ca6201bac78726c9_JaffaCakes118
.rar
QQ农场守望者6.9/!创e下载┆绿色创意软件天堂.URL
.url
QQ农场守望者6.9/6.9.exe
.exe windows:4 windows x86 arch:x86

b4dd853de109b138a8635cd742d59ac3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
ord588
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryDestruct
__vbaVarCmpGe
__vbaLateMemSt
__vbaVarForInit
ord593
ord594
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
ord520
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord525
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaPutOwner3
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaFpUI1
_adj_fpatan
__vbaRedim
__vbaStrR8
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
ord310
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord312
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
__vbaVarCmpLe
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVar2Vec
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
__vbaVarCmpLt
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
ord616
__vbaFpI4
ord617
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaStrVarCopy
ord619
ord650
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ农场守望者6.9/ncswz.dat
.exe windows:4 windows x86 arch:x86

Code Sign

62:c4:19:9e:ce:88:ff:b4:4f:95:00:9c:57:57:7e:d8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA

Not Before

17-10-2009 16:00

Not After

18-10-2012 16:00

Subject

CN=Microsoft Corporation

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA

Not Before

30-09-1999 16:00

Not After

16-07-2036 16:00

Subject

CN=VeriSign Class 3 Code Signing 2009 CA

a0:ac:87:24:b3:58:20:e2:2e:a2:c4:83:b9:4f:5c:17:ac:51:e1:d7
Signer

Actual PE Digest

a0:ac:87:24:b3:58:20:e2:2e:a2:c4:83:b9:4f:5c:17:ac:51:e1:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQ农场守望者6.9/use.edb
QQ农场守望者6.9/user.db
QQ农场守望者6.9/手机版本下载.URL
.url
QQ农场守望者6.9/说明和方法.txt

Sharing

General

Malware Config

Signatures

Files

b4dd853de109b138a8635cd742d59ac3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 80KB - Virtual size: 78KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 2KB

Code Sign

62:c4:19:9e:ce:88:ff:b4:4f:95:00:9c:57:57:7e:d8Certificate

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0Certificate

a0:ac:87:24:b3:58:20:e2:2e:a2:c4:83:b9:4f:5c:17:ac:51:e1:d7Signer

Headers

File Characteristics

Sections

Size: 2.0MB - Virtual size: 2.0MB

Size: 640KB - Virtual size: 640KB

Size: 16KB - Virtual size: 16KB

Size: 9KB - Virtual size: 12KB

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 80KB - Virtual size: 78KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 2KB

62:c4:19:9e:ce:88:ff:b4:4f:95:00:9c:57:57:7e:d8
Certificate

23:35:a9:ef:3a:6f:3d:64:b1:cf:8d:1f:62:ad:bd:a0
Certificate

a0:ac:87:24:b3:58:20:e2:2e:a2:c4:83:b9:4f:5c:17:ac:51:e1:d7
Signer

.rsrc
Size: 28KB - Virtual size: 28KB