d22365aefcaa97305564a383d89f1969_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d22365aefcaa97305564a383d89f1969_JaffaCakes118
Size

104KB
MD5

d22365aefcaa97305564a383d89f1969
SHA1

e8e34a10ba6d22a7747c369451dd4121cbac6db1
SHA256

8d8626c607c3a1fa48a00503d7e5fe9bb663ade73cb910cfbccef5b43bc97aa0
SHA512

08c63880d4a4a91d2e66d0132014c2e5f2c9bb54e79234d442fdf7e27a00cf6d9aca434b169a8f91634b6b8ca431752c3ca0f950dbf71b9b14a390eb4c63cb39
SSDEEP

3072:R+VSjRe6SiziWCLO2eqbdopArkiy3O0FrxO84JH:RiirNio25doigbz08g

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WindowSpychs-v1.6/WndSpy.dll
unpack001/WindowSpychs-v1.6/WndSpy.exe

Files

d22365aefcaa97305564a383d89f1969_JaffaCakes118
.rar
WindowSpychs-v1.6/ReadMe.txt
WindowSpychs-v1.6/WndSpy.cfg
WindowSpychs-v1.6/WndSpy.chm
.chm
WindowSpychs-v1.6/WndSpy.dll
.dll windows:4 windows x86 arch:x86

8100375f7477859d040b69b45329ea49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
lstrcpynW
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
GetPriorityClass
GetCurrentProcess
lstrlenW
FormatMessageW
GetLastError
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrcatW
GetSystemDirectoryW
DisableThreadLibraryCalls

user32

SendMessageTimeoutW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
wsprintfW
GetWindowLongA
GetClassLongA
GetClassLongW
GetWindowLongW
IsWindowUnicode
ClientToScreen
GetClientRect
GetWindowRect
GetWindowInfo
GetClassNameW
GetDesktopWindow

Exports

Exports

wsGetWndInfo
wsHookGetWndInfo
wsHookGetWndText
wsInitData
wsReadWndInfo
wsSetWndHook
wsUnSetWndHook

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WindowSpychs-v1.6/WndSpy.exe
.exe windows:4 windows x86 arch:x86

5d4a30518edad5e6256dd15005728cf3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetForegroundWindow

gdi32

GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW

shell32

DragQueryFileW

ole32

CoInitialize

oleaut32

SysFreeString

shlwapi

ColorRGBToHLS

msvcrt

_controlfp

comctl32

ImageList_Create

winmm

PlaySoundW

Sections

.text
Size: 77KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WindowSpychs-v1.6/WndSpy.ini
WindowSpychs-v1.6/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

8100375f7477859d040b69b45329ea49

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.sdata Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 76B

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 512B - Virtual size: 502B

5d4a30518edad5e6256dd15005728cf3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

comctl32

winmm

Sections

.text Size: 77KB - Virtual size: 260KB

.rsrc Size: 18KB - Virtual size: 20KB

.text
Size: 2KB - Virtual size: 2KB

.sdata
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 512B - Virtual size: 502B

.text
Size: 77KB - Virtual size: 260KB

.rsrc
Size: 18KB - Virtual size: 20KB