fcf603d8f837215d8ec3729234db3635_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fcf603d8f837215d8ec3729234db3635_JaffaCakes118
Size

17.6MB
MD5

fcf603d8f837215d8ec3729234db3635
SHA1

1e5108bb4298bf365624df18667971483daacbb6
SHA256

377a308ee17980ecd405999e0cd46d3eb7c5a56f32b7292d0bf9934c6d0ccc56
SHA512

1db169ad3e23785fa3d0d071b7acd8ce2b3c5cbb988122d7a75074abbf1728e4597842513b5fa489a51357fae80e6baa406e333312da86f4ed22ac72edaee5da
SSDEEP

393216:NPDn8VDpcw4vmXjfjHguBqi0sIeXOlr0oX5ceTHya5GKm+QTJnqMDl2qjLH:NPjkDp7BXj+Z/eY1ceTZ6dpR2cT

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Crackme3.EXE

Files

fcf603d8f837215d8ec3729234db3635_JaffaCakes118
.zip
Crackme3.EXE
.exe windows:1 windows x86 arch:x86

715d00dbace8fbe3fac967ef468d1ce9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

KillTimer
GetSystemMetrics
LoadCursorA
LoadAcceleratorsA
MessageBeep
GetWindowRect
LoadStringA
LoadIconA
LoadBitmapA
SetFocus
MessageBoxA
PostQuitMessage
WinHelpA
InvalidateRect
TranslateAcceleratorA
MoveWindow
TranslateMessage
LoadMenuA
ShowWindow
SendMessageA
SetTimer
SetWindowPos
UpdateWindow
RegisterClassA
BeginPaint
CreateWindowExA
DefWindowProcA
DialogBoxParamA
DispatchMessageA
DrawMenuBar
EndDialog
EndPaint
FindWindowA
GetDC
GetDlgItem
GetDlgItemTextA
GetMessageA

kernel32

GetLocalTime
OpenFile
GlobalFree
GlobalAlloc
lstrlen
CloseHandle
WriteFile
GetModuleHandleA
ReadFile
ExitProcess

comctl32

InitCommonControls
CreateToolbarEx
CreateToolbar

gdi32

TextOutA
StartPage
StartDocA
GetTextMetricsA
GetStockObject
EndPage
EndDoc
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA
PrintDlgA

Exports

Exports

WndProc

Sections

CODE
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
R4ndom_tutorial_8.pdf
.pdf
- http://FeedWordPress.org
- http://thelegendofrandom.com/blog
- http://thelegendofrandom.com/blog/archives/506
- http://thelegendofrandom.com/blog/archives/author/random
- http://thelegendofrandom.com/blog/archives/category/reverse-engineering
- http://thelegendofrandom.com/blog/archives/category/tutorials
- http://thelegendofrandom.com/blog/contact-2
- http://thelegendofrandom.com/blog/sample-page
- http://thelegendofrandom.com/blog/tools
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/212.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/222.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/232.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/242.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/252.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/262.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/272.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/281.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/291.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/30.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/311.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/321.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/33.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/36.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/37.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/401.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/411.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/412.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/432.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/44.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/441.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/451.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly10.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly11.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly12.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly13.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly14.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly15.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly16.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly17.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly18.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly19.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly191.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly20.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly211.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly22.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly27.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly28.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly281.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly29.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly3.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly4.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly5.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly6.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly61.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly7.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly8.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/06/olly9.png
- Show all
olly1.png
.png
tut8.htm
tut8.swf

Sharing

General

Malware Config

Signatures

Files

715d00dbace8fbe3fac967ef468d1ce9

Headers

File Characteristics

Imports

user32

kernel32

comctl32

gdi32

comdlg32

Exports

Exports

Sections

CODE Size: 1KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 8KB

CODE
Size: 1KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 8KB