619e679955d1b60d52ffbc0de6fdc950_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

619e679955d1b60d52ffbc0de6fdc950_JaffaCakes118
Size

152KB
MD5

619e679955d1b60d52ffbc0de6fdc950
SHA1

24adeb85cb732726785a0e89c5c28d19304b218b
SHA256

1510eca185afa79ab87fee8358aa877d1fba79be52149cdb1fe5f9b7fec59952
SHA512

6d2e099400de8d8c1ae5ac9e0b2e3c2d1aaba66f12f270894f66b8d4874a3f481a8d03d94bdbbc2ac631d4705f490d1ce2238d31056e146d0cacd575da28e72e
SSDEEP

3072:+g+wdmI12quCPUsvN42GCLf/Br6WoGRZ7S:+y2quCPUs8Cb/JT7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
619e679955d1b60d52ffbc0de6fdc950_JaffaCakes118

Files

619e679955d1b60d52ffbc0de6fdc950_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c2893843bae14f8f9c5c66b5b0577448

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bc32fn

StrAdd
PHB
DefineOutputDev
PRINTINFO
SaveOption2
fnmonth
FormatNumber
fnyear
InvertPeriod
fnperiodadd
fnperiod
AddSl
ComposeFileName
GR
iSopError
ReadOption3
ZNOKEY
SetCondition
BCRound
RADDR
WSP
MakeDirectory
PHD
DITTA
ANNOEXT
SetPrintPageParms3
AllocLocalData
pvTerminateProgram
FreeLocalData
DBDatabase
DBClose
BcxExit
BCXGetEnv
pszTmpPtr
SkipRightBlk
ZPREXTEND
bPrintFileName
bGetActualArgsExv
ZEXVARG
PropertiesEx
ZTRADVER
ZMINVER
ZMINVERUX
pszCurrentModule
SetExEuro
ZPROFIS_INSTAL
BcMain2
CallDllFunction2
Close
DBXAccess
bOptimizeSearch
iNewFrmSpec
pszSUBProto
psArgv
iArgc
CallAllPrograms
PROGC
ZNOMEXE
FindDB5

bc32ui

ABC
RunWindow4
DefineButtonIvt
ZDECOD
RCI
RRI
DefFuncKey3
DefineGrid23
GetStyle
ZNSELALL
DefineWindow10
pszID
InsertColGrid9
DefineTVString
DefineCellGrid11
InsertRowGrid8
ZGRIGA
SetGroupBoxHide
SetEditConditions2
SetLabelHide
SetOptionsConditions2
SetCellConditions2
ZGCOL
KillDynamicStruct
AddDynamicStruct
ZapDynamicStruct
DefineDynamicStruct5
ZINIDEC
DefVidWaitMsg3
ABCPRB
LoadControlStruct
pszDecodMessage
SetFuncKeyHide
ZVIDCOMPVIS
WgsRestoreInputData
ZNSEL
GettingRowGrid
DefineFormat
DefineGroupBox3
DefineEdit10
DefineLabel3
DefineTVDouble
DefineRadioButton
DefineRadioOptions3
DefineComboOptions
DBCreateVars2
DBDefineStructs
CANVID
EntryInitProgramData
cRowsRI
cColsRI
RI
KYM
ExitInitProgramData
EntryTerminateProgram
DBRemoveVars
RCCHAN
WgsInitData
ExitTerminateProgram
TraceDebug2
WgsSetEnabledKeys
WgsSetDefinedKeys
WgsSetUncheckedKeys
WgsMessageBoxEx
DefinePos4
szProgramName
RCSRCH
SearchSTR
WgsExitAppThread
WgsInitID
DefinePrintJob3

kernel32

TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ExitProcess

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2893843bae14f8f9c5c66b5b0577448

Headers

File Characteristics

Imports

bc32fn

bc32ui

kernel32

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 36KB - Virtual size: 37KB

.rsrc Size: 4KB - Virtual size: 704B

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 36KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 704B