3e390780214cf547601d9f95e7728c30_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e390780214cf547601d9f95e7728c30_JaffaCakes118
Size

364KB
MD5

3e390780214cf547601d9f95e7728c30
SHA1

54746726e9c12c57eb5519378b0baaa4abdd3e10
SHA256

853bb9e5c779cfe60d00549ea5b52ec84dcf77c51c902f27969d5f81d3adf0ef
SHA512

06a951844ed408137c486432d42c3db3123965dc4f5af5455849ec3127e41deb9359e3cbb9dd3da510122046c6f879e9817fa7b73deb35d03227ec2be1650358
SSDEEP

6144:680P072qLc+tX5MX3gGGC7XhUf77g3CBg56Abb0zuEQZLiBPYc05h4:h70+tX5MX3gGGCz2z7g3C+Ig0zuEQZL1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e390780214cf547601d9f95e7728c30_JaffaCakes118

Files

3e390780214cf547601d9f95e7728c30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd25e641b7bd74166bed371b59cbd97f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cblrtss

ord1454
ord1391
ord1118
ord1140
ord1265
ord1307
ord1247
ord1115
ord1271
ord1130
ord1269
ord1476
ord1067
ord1478
ord1120
ord1291
ord1337
ord1267
ord1464
CBL_CHECK_FILE_EXIST
ord1303
ord1306
ord1148
ord1475
ord1294
ord1297
ord1375
ord1292
ord1302
ord1335
ord1066
ord1146
ord1301
ord1477
ord1498
_mFgprogcheckexit
_mFgtypecheck
_mFgprogchain
_mFerr
_mFgprogunlock
mF_eloc
CBL_EXIT_PROC
ord1021
_mFgF813
_mFgF811
CBL_ALLOC_MEM
CBL_FREE_MEM
CBL_WRITE_FILE
CBL_READ_FILE
CBL_CLOSE_FILE
CBL_DELETE_FILE
CBL_CREATE_FILE
CBL_JOIN_FILENAME
ord1015
ord1462
_mFgF802
ord1431
_mFgproglock
CBL_GET_OS_INFO
_mFgF805
ord1006
ord1155
ord1250
CBL_TOUPPER
CBL_CANCEL
_mFiD7A1
CBL_FILENAME_CONVERT
CBL_SPLIT_FILENAME
_mFiD7B0
ord1701
CBL_CMPNLS
ord1461
CBL_MBCS_CHAR_LEN
_mFgF800
_mFgF801
cob_COYIELD
CBL_NLS_GET_MSG
CBL_FN_CURRENT0DATE
ord1574
ord1573
ord1579
ord1578
CBL_OPEN_FILE
CBL_RENAME_FILE
CBL_COPY_FILE
CBL_LCKFILE
CBL_UNLFILE
CBL_UNLOCK
CBL_FLUSH_FILE
CBL_SET_SEMAPHORE
CBL_FREE_SEMAPHORE
CBL_TEST_LOCK
CBL_GET_LOCK
CBL_FREE_LOCK
CBL_OPEN_VFILE
CBL_CLOSE_VFILE
CBL_READ_VFILE
CBL_WRITE_VFILE
CBL_FN_UPPER0CASE
CBL_LOCATE_FILE
_mFginitdat_dll
ord969
ord733
ord968
ord2038
ord2006
_mFgmain2
_mFgWinMain2
ord1446
ord1374
ord1380
ord1150
ord1128
_mFiD791
_mFgF80A
ord1325
ord1463
ord1467
CBL_EXEC_RUN_UNIT
ord1333
ord1305
_mFgCE
_mFgAE
EXTFH
_mFgF809
_mFfindp
_mFgF816
_mFgprogunchain

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit

kernel32

GetModuleHandleA
GetCommandLineA
GetStartupInfoA

Exports

Exports

_mFdllinfo

Sections

.text
Size: 348KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd25e641b7bd74166bed371b59cbd97f

Headers

File Characteristics

Imports

cblrtss

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 346KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 133KB

.text
Size: 348KB - Virtual size: 346KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 133KB