f0602ddfd2500c38d76fdcfc8aa098d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0602ddfd2500c38d76fdcfc8aa098d6_JaffaCakes118
Size

76KB
MD5

f0602ddfd2500c38d76fdcfc8aa098d6
SHA1

68e0d06d1c508193fc8fa7857579f212a49a9d0c
SHA256

499aa6a8d48d16dd6442d93e281dda4cdf91dc9594faaacf3808dc3fda17546e
SHA512

c41dd306e29b05f216f6744c1580416a43f315e46e92e2eabd0fb9be434fe3b8c084529621e9fda032a18f6e087d102bd4940166e5c855bded045fb35dc4b2a5
SSDEEP

768:c3Hh+F8nmLnr7Rb4R4528uwZI82XEiB9KZeDxJ2erDChSoSWSrc+z7Ct4SK0Z/ok:Nf/Z465zN682XgeeUFo7Tq77v85tY4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0602ddfd2500c38d76fdcfc8aa098d6_JaffaCakes118

Files

f0602ddfd2500c38d76fdcfc8aa098d6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

06535109fec51922884ddb4788c19db6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bc32fn

pvTerminateProgram
AllocLocalData
Name
WgsDelay
BCGetFileSize
Insert
ZNOKEY
Find
TruncDecimal
Next
Search
CreateKey
Open2
szTmpBuf
FreeLocalData
CloseDB3
DBFILEINFO
TmpLogFile
DBCheckDBData4
ComposeFileName
pFrmtBuffer
VARLIST
TABOffset
RPEE
RFLV
RPED
RADDR
CheckProto
DBDatabase
DBClose
BcxExit
CallBCFunction
CallDllFunction2
GetArg
SkipRightBlk
WS
ZPROFW
SetExEuro
ZPREXTEND
bPrintFileName
bGetActualArgsExv
pInfoExe
ZEXVARG
PropertiesEx
ZTRADVER
ZMINVER
ZMINVERUX
pszCurrentModule
GetPHX
PHB
PHD
PHP
AddSl
PHDLL
SetString
Close
DBXAccess
bOptimizeSearch
iNewFrmSpec
pszSUBProto
psArgv
iArgc
CallAllPrograms
PROGC
ZNOMEXE
BcMain2
StrAdd

bc32ui

CANVID
SetLabelHide
SetButtonHide
DBDefineStructs
DBCreateVars2
PopMessageBoxes
BlobAdd
DefVidWaitMsg3
FreeBlob
pszDecodMessage
wKeyFlags
RTAB
RRA
RIF
RO
EntryInitProgramData
cRowsRI
cColsRI
RI
KYM
ExitInitProgramData
EntryTerminateProgram
DBRemoveVars
RCCHAN
WgsInitData
ExitTerminateProgram
DefinePos4
EntrySub2
ExitSub
TraceDebug2
szProgramName
ABC
pszID
DefineWindow10
DefineFormat
DefineLabel3
DefineEdit11
GetStyle
DefineButtonIvt
RRI
RCI
SetWindowConditions3
RunWindow5
ZVIDCOMPVIS
WgsRestoreInputData
WgsSetEnabledKeys
WgsSetDefinedKeys
WgsSetUncheckedKeys
WgsMessageBoxEx
RCSRCH
SearchSTR
WgsExitAppThread
WgsInitID
ZDECOD

kernel32

TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ExitProcess

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06535109fec51922884ddb4788c19db6

Headers

File Characteristics

Imports

bc32fn

bc32ui

kernel32

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 916B

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 916B