f2dd6e66135acbda63b1b8b15a8536cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f2dd6e66135acbda63b1b8b15a8536cc_JaffaCakes118
Size

44KB
MD5

f2dd6e66135acbda63b1b8b15a8536cc
SHA1

58e24b14b5e1b8f42526c744cf3940a21914d413
SHA256

4219162108e3f2e06275036d192bd2b78b042c60d68714ec0bf2d2685ca58ca1
SHA512

608065faa367c64efbb293d3dd2e52fcceb5b3fddab78387b1de56eb88fae951870ff6b927901492be242b51738e8ec8f8dc4a5254d07252cad8887c705fd7ff
SSDEEP

768:ecMOUIHUKtTRulWDHcZ1Rj9KbpVSYWBBBRtfVBPX0YiQEIEM:e2jt4lWu1JobpVVWBB7tfriQEIEM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2dd6e66135acbda63b1b8b15a8536cc_JaffaCakes118

Files

f2dd6e66135acbda63b1b8b15a8536cc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c6650bbc554f20870c5556fe78410234

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

shlwapi

StrCmpW

imm32

ImmGetContext

psapi

GetModuleFileNameExA

ole32

CreateStreamOnHGlobal

avicap32

capCreateCaptureWindowA

winmm

waveInStop

shell32

ShellExecuteA

msvcrt

free

user32

IsWindow

advapi32

RegCloseKey

gdi32

BitBlt

ws2_32

listen

Exports

Exports

guocyok888
DoService
ServiceMain

Sections

.guoc
Size: 24KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guoc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

guocy
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edrftg
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocyok
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6650bbc554f20870c5556fe78410234

Headers

File Characteristics

Imports

kernel32

shlwapi

imm32

psapi

ole32

avicap32

winmm

shell32

msvcrt

user32

advapi32

gdi32

ws2_32

Exports

Exports

Sections

.guoc Size: 24KB - Virtual size: 67KB

.guocy Size: 1024B - Virtual size: 7KB

.guoc Size: 1024B - Virtual size: 1KB

guocy Size: - Virtual size: 4KB

.guocy Size: 3KB - Virtual size: 3KB

.rsrc Size: - Virtual size: 4KB

.edrftg Size: 2KB - Virtual size: 3KB

.guocyok Size: 3KB - Virtual size: 4KB

.guoc
Size: 24KB - Virtual size: 67KB

.guocy
Size: 1024B - Virtual size: 7KB

.guoc
Size: 1024B - Virtual size: 1KB

guocy
Size: - Virtual size: 4KB

.guocy
Size: 3KB - Virtual size: 3KB

.rsrc
Size: - Virtual size: 4KB

.edrftg
Size: 2KB - Virtual size: 3KB

.guocyok
Size: 3KB - Virtual size: 4KB