224a786ee1dbdec9461eb715511d236a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

224a786ee1dbdec9461eb715511d236a_JaffaCakes118
Size

66KB
MD5

224a786ee1dbdec9461eb715511d236a
SHA1

8483b6c5ef5a715d261f6998c2329872b2baf736
SHA256

4395246f5c6a239f15fe95fbcbe6da5ee7645d07d7a15216f757a1f842d205dc
SHA512

de3b2fac71d2f5a61384aba9bf6f611757a9faa625f2a057c2de19fb49f9ff6e4e8c381781f84c93269f14a7543efb1e80d8fd8f8145752aa4ef5a3735e7bd7a
SSDEEP

1536:9MuTHR0GvuTlnF9hMqZmBU6AjD4UK8uvDkK/RSXMJRHqH:9/GhDE8EAK/RSXMJRHqH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/spooky/Box.exe

Files

224a786ee1dbdec9461eb715511d236a_JaffaCakes118
.rar
README.txt
casper/CASPER.CPP
casper/HOOK.DSP
casper/HOOK.DSW
casper/HOOK.NCB
casper/HOOK.OPT
casper/HOOK.PLG
.html
casper/PSAPI.H
casper/casper_inject.cpp
casper/casper_inject.h
casper/casper_trojan.cpp
casper/casper_trojan.h
casper/casper_utils.cpp
casper/casper_utils.h
spooky/Box.exe
.exe windows:4 windows x86 arch:x86

0bdf5ffc7aee9bf9d7f357ece30e623c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeW
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
spooky/MECHANT/CMD.PHP
spooky/MECHANT/CMD.TXT
spooky/MECHANT/LOG.PHP
spooky/MECHANT/UPTEST.PHP

Sharing

General

Malware Config

Signatures

Files

0bdf5ffc7aee9bf9d7f357ece30e623c

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB