26eb11e265482eeb396b17650983763d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26eb11e265482eeb396b17650983763d_JaffaCakes118
Size

252KB
MD5

26eb11e265482eeb396b17650983763d
SHA1

b8da5321ab4954969f7a2d7c5ebef5052c85a346
SHA256

6413bcf6aef37e2b40110d0d169da729e3e7dfb7eaa6602acbd6d5f09aa88546
SHA512

1ea56961919babbe09fd7c22787bbc3473f0f9c05ed6f26f092c227b0035ca0dd4d245ed25274c867e5ac896bc7c877231542bef209efb7bf0477030eb2be24f
SSDEEP

3072:vybBjQHOGEUoE48jcTfSOjhgZHYYPTH78EAzcMYNvhLlEhskycocMCEog7EuROTr:6WHOGov8aWDcEAKhhfku7ROTFHUMN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26eb11e265482eeb396b17650983763d_JaffaCakes118

Files

26eb11e265482eeb396b17650983763d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

58881a2f29a5bb4ddfa322b56752bff4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bc32fn

ZPRDUPLEX
ZDECEURO
ZEXEURO
EMAILINFO
ZEXVALUTA
ZVISUDC
ZPRCOLLATE
ZPRRUNFILEAPPL
ZTST
PRINTINFO
ZPRPAGERANGE
GetAllocMem
bIniModExecuted
GetSharedMemEntry
pvTerminateProgram
GetMemory
Name
DBInsert
ZNOKEY
DBFind
FormatNumber
RestoreLocalData
SaveLocalData
FreeMemory
pFrmtBuffer
ZPREXTEND
RestoreKeyBuffers
RPEE
RFLV
RPED
CheckProto
SaveKeyBuffers
GetRightChar
SkipRightBlk
MakeDirectory
InvertDate
DBUpdate
ZRCID
ZSYSTEM
RCISSW
ISAMExvInterpreter
GetLeftChar
SetString
EUROTruncDecimal
CVEuro
BCRound
GetTimeExt
bPrintFileName
BcMain2
ZNOMEXE
PropertiesEx
ZTRADVER
ZMINVER
ZMINVERUX
pszCurrentModule
SetExEuro
WS
PHB
PHD
GetPHX
AddSl
PHG
StrAdd
BcxExit
DBDatabase
szTmpBuf
DBOpen
DBXAccess
DBCreateKey
RADDR
DBXISAMExvInterpreter
DBSearch
DBFILEINFO
DBMove
iDBXError
BCGetFileSize
DBClose
bOptimizeSearch
iNewFrmSpec
pszSUBProto
psArgv
iArgc
CallAllPrograms
PROGC
TABOffset
VARLIST
pInfoExe

bc32ui

EntryTerminateProgram
RO
WgsFileList
NOIVA
RCMKEY
WgsFormatColumn
WgsDrawOutput
pszWindowHeader
RCNOID
TRIC
WgsRestoreWindow
RRA
RTAB
wKeyFlags
pszDecodMessage
DBCreateVars2
DBDefineStructs
CANVID
EntryInitProgramData
cRowsRI
cColsRI
RI
KYM
ExitInitProgramData
RIF
DBRemoveVars
RCCHAN
WgsInitData
ExitTerminateProgram
ZNUMDEC
szProgramName
ABC
pszID
WgsDefineWindow
WgsDrawScreenFrame
RRI
ZDECOD
RCI
WgsDrawScreen
WgsSetEnabledKeys
WgsSetDefinedKeys
WgsSetUncheckedKeys
WgsGetVideoInput
ZVIDCOMPVIS
WgsRestoreInputData
SYSDATEXT
WgsMessageBoxEx
RCSRCH
WgsInitID
WgsExitAppThread
SearchSTR

kernel32

DeleteFileA
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58881a2f29a5bb4ddfa322b56752bff4

Headers

File Characteristics

Imports

bc32fn

bc32ui

kernel32

Sections

.text Size: 180KB - Virtual size: 176KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 60KB - Virtual size: 61KB

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 60KB - Virtual size: 61KB