649e414799c3bb521e0e444f5b3c5009_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

649e414799c3bb521e0e444f5b3c5009_JaffaCakes118
Size

244KB
MD5

649e414799c3bb521e0e444f5b3c5009
SHA1

e85e30f9bbd739ca6c3488bc17a14b7b9c3cbef0
SHA256

47bcb0d8114ac4c1fff5fd76a4c135dc40b560c1457a4d289fef6fdf750b433b
SHA512

afbcbf6ee94358ee5e08d22bde4215e162faf57ef96a6fc6ba44facec8703278c6ced877aac8f148d6885b41e4fea8a0a50aee30b1ec1997a972d865132100d8
SSDEEP

6144:uAebj1+WDWCYaFhtpVsIUw8YJ1I/gGY/Pz8rApCz0QFFurP1m+:m1xFhtpVsIUw8YJ1lj5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649e414799c3bb521e0e444f5b3c5009_JaffaCakes118

Files

649e414799c3bb521e0e444f5b3c5009_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f825523304cc2d4caf172df65f557f7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bc32fn

Find
fd11
BcxExit
DBClose
DBDatabase
FreeLocalData
RADDR
pvTerminateProgram
AllocLocalData
CallBCFunction
DBFILEINFO
strtrim
ANNOEXT
ZSYSTEM
PHD
GR
PRINTINFO
FormatNumber
Unlock
Delete
InvertPeriod
ZENDFIL
Update
BCRound
InvertDate
FormatDouble
ConvertMigl
CVLire
ZNOKEY
ZDECEURO
ZEXEURO
GetPartOfString
GetLeftChar
TruncDecimal
pFrmtBuffer
VARLIST
TABOffset
RPEE
RFLV
RPED
CheckProto
pszTmpPtr
BCXGetEnv
SetString
fd12
ZVIDDESCR
SetExEuro
ANNO
Open
ZVER_CONFIG
ZRCID
RCISSW
SearchString
StrToUpper
ISAMExvInterpreter
Insert
CreateKey
Search
Next
fd1
pInfoExe
ZPREXTEND
bPrintFileName
bGetActualArgsExv
ZEXVARG
PropertiesEx
ZTRADVER
ZMINVER
ZMINVERUX
pszCurrentModule
PR
SkipRightBlk
CallDllFunction2
GetArg
ZBCERR
PHB
szTmpBuf
StrAdd
Open2
DITTA
XRS1
XRS2
Close
DBXAccess
bOptimizeSearch
iNewFrmSpec
pszSUBProto
psArgv
iArgc
CallAllPrograms
PROGC
ZNOMEXE
BcMain2
EUROTruncDecimal

bc32ui

WgsDefineWindow
pszID
ZINIDEC
pszDecodMessage
wKeyFlags
RTAB
FreeBlob
ZNSEL
ZRCVIS
RCMULT
WgsFileList
NOIVA
RCMKEY
NCK
WgsFormatColumn
WgsDrawOutput
pszWindowHeader
TRIC
ExitSub
EntrySub2
ZNMAXSEL
WgsRestoreWindow
RCNOID
RCSETSEL
RCBSLM
RCSELECT
ZSELST
WgsDrawScreenFrame
RO
RRI
RCI
ZDECOD
WgsSetValidateInput
WgsDrawScreen
WgsGetVideoInput
ABC
ZVIDCOMPVIS
WgsCheckInputData
WgsRestoreInputData
pszErrorMessage
DBCreateVars2
DBDefineStructs
CANVID
EntryInitProgramData
cRowsRI
cColsRI
RI
KYM
RIF
RRA
ExitInitProgramData
EntryTerminateProgram
DBRemoveVars
RCCHAN
WgsInitData
ExitTerminateProgram
TraceDebug2
WgsSetEnabledKeys
WgsSetDefinedKeys
WgsSetUncheckedKeys
szProgramName
RCSRCH
SearchSTR
WgsExitAppThread
WgsInitID
WgsMessageBoxEx

kernel32

TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetProcAddress
RaiseException
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
LCMapStringA
LCMapStringW
ExitProcess

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f825523304cc2d4caf172df65f557f7b

Headers

File Characteristics

Imports

bc32fn

bc32ui

kernel32

Sections

.text Size: 156KB - Virtual size: 153KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 4KB - Virtual size: 920B

.text
Size: 156KB - Virtual size: 153KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 4KB - Virtual size: 920B