cf3fa81846ba66e2d941e9026ac634d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf3fa81846ba66e2d941e9026ac634d0_JaffaCakes118
Size

75KB
MD5

cf3fa81846ba66e2d941e9026ac634d0
SHA1

d9e6ab82c409cbc8effed4380e6e2b1e2bca75e5
SHA256

33d01bac1337fb7404b27e9f63e53f1bc76383659245d57c8e76bcb143241901
SHA512

221ebf0d0494a50be957303b7ee14aa0901e123df671bb15a1fcc6d82a907fc295180891b41c1a50fea8396469eb4cf13ceee57989db264d90eaa8c54008575c
SSDEEP

1536:v/2gIS6xycfiANXkmlo19692vAGVJceDEA8GnZZTCocgz+AKWclml:SS6cc6AXkAoioJceDAe3H69plA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sobolsoft.Excel.Zip.Codes.Convert.Lookup.And.Format.v7.0.Incl.Keygen-Lz0/keygen.exe

Files

cf3fa81846ba66e2d941e9026ac634d0_JaffaCakes118
.zip
Sobolsoft.Excel.Zip.Codes.Convert.Lookup.And.Format.v7.0.Incl.Keygen-Lz0/file_id.diz
Sobolsoft.Excel.Zip.Codes.Convert.Lookup.And.Format.v7.0.Incl.Keygen-Lz0/keygen.exe
.exe windows:4 windows x86 arch:x86

0ae9bf8293595576c49543cb657fb714

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutClose

kernel32

GetCurrentProcess
VirtualProtect
GetLocaleInfoA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
WaitForSingleObject
CloseHandle
CreateThread
SetThreadPriority
HeapAlloc
HeapCreate
HeapDestroy
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
LCMapStringA
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetStdHandle
VirtualQuery
InterlockedExchange
RtlUnwind
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
TerminateProcess
GetSystemInfo
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
VirtualFree
HeapFree
SetFilePointer
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc

user32

DialogBoxParamA
ReleaseCapture
SendMessageA
AnimateWindow
EndDialog
SetWindowPos
SetDlgItemTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Sobolsoft.Excel.Zip.Codes.Convert.Lookup.And.Format.v7.0.Incl.Keygen-Lz0/lz0.nfo
keygen.nfo

Sharing

General

Malware Config

Signatures

Files

0ae9bf8293595576c49543cb657fb714

Headers

File Characteristics

Imports

winmm

kernel32

user32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 221KB

.rsrc Size: 88KB - Virtual size: 84KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 221KB

.rsrc
Size: 88KB - Virtual size: 84KB