18848583460f3ff21f6f95b1f3640fee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18848583460f3ff21f6f95b1f3640fee_JaffaCakes118
Size

39KB
MD5

18848583460f3ff21f6f95b1f3640fee
SHA1

67383f270cf03ac1cce0ccc55f3d60ccfcc67c41
SHA256

9aac4b66d9b766d864a45fe46f87f6c3c26c908bc9111bde2dd63a4c99c66644
SHA512

eb8243eb36dcdbdba8ec33fc0087f7de6185923af2f2cbdd0d2fdb4ab4401b35eb5d582b503465c30742f5e8911b3fa9d056bad8bab1482dad8c8725aeb9b44d
SSDEEP

768:DemQWJ4dKLP1ltsr2dKS27jMgTJ377jPUTvtMXGeCxXX0tAMNx5:DtQWgKj1grWw9RngT1M2eW4AMNx5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18848583460f3ff21f6f95b1f3640fee_JaffaCakes118

Files

18848583460f3ff21f6f95b1f3640fee_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7e3f3def010c83391774f48b37c82d26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

winmm

waveInStop

user32

IsWindow

imm32

ImmGetContext

avicap32

capCreateCaptureWindowA

shlwapi

StrChrA

advapi32

RegCloseKey

shell32

ShellExecuteA

ws2_32

listen

psapi

GetModuleFileNameExA

ole32

CreateStreamOnHGlobal

gdi32

BitBlt

msvcrt

free

Exports

Exports

Qy001DoMainWSSK
222222222222
ServiceMain

Sections

.guoc
Size: 24KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guof
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

guocy
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gyuio
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erftgy
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocyok
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e3f3def010c83391774f48b37c82d26

Headers

File Characteristics

Imports

kernel32

winmm

user32

imm32

avicap32

shlwapi

advapi32

shell32

ws2_32

psapi

ole32

gdi32

msvcrt

Exports

Exports

Sections

.guoc Size: 24KB - Virtual size: 66KB

.guocy Size: 1024B - Virtual size: 6KB

.guof Size: 1024B - Virtual size: 2KB

guocy Size: - Virtual size: 4KB

.gyuio Size: 3KB - Virtual size: 3KB

.rsrc Size: - Virtual size: 4KB

.erftgy Size: 2KB - Virtual size: 3KB

.guocyok Size: 7KB - Virtual size: 4KB

.guoc
Size: 24KB - Virtual size: 66KB

.guocy
Size: 1024B - Virtual size: 6KB

.guof
Size: 1024B - Virtual size: 2KB

guocy
Size: - Virtual size: 4KB

.gyuio
Size: 3KB - Virtual size: 3KB

.rsrc
Size: - Virtual size: 4KB

.erftgy
Size: 2KB - Virtual size: 3KB

.guocyok
Size: 7KB - Virtual size: 4KB