0dec3ed43caa7520b425a33390b33d82_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dec3ed43caa7520b425a33390b33d82_JaffaCakes118
Size

44KB
MD5

0dec3ed43caa7520b425a33390b33d82
SHA1

008b94d6a8c6aad9a405bcb8156a93a7e4b713e7
SHA256

b936e8d96b1746459d2b6fcb5159d8980c10612b8d6779956831a75a9f8ee139
SHA512

b666bfda4d92908c8a20547e10f1a81b16752bd442e5bcc4246d8a2533a6d5764fac6b3b96bbd9a9d677fe312d6e7c2dda66fda5cf40a0b077c2255b8a580fbe
SSDEEP

768:ecMOUIHUKtTRulWDHcZ1Rj9KbpVSYWBBBRtfVBPX0+W4hf4eh1sf:e2jt4lWu1JobpVVWBB7tfr/Zf4+1sf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dec3ed43caa7520b425a33390b33d82_JaffaCakes118

Files

0dec3ed43caa7520b425a33390b33d82_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c6650bbc554f20870c5556fe78410234

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

shlwapi

StrCmpW

imm32

ImmGetContext

psapi

GetModuleFileNameExA

ole32

CreateStreamOnHGlobal

avicap32

capCreateCaptureWindowA

winmm

waveInStop

shell32

ShellExecuteA

msvcrt

free

user32

IsWindow

advapi32

RegCloseKey

gdi32

BitBlt

ws2_32

listen

Exports

Exports

guocyok888
DoService
ServiceMain

Sections

.guoc
Size: 24KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guoc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

guocy
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edrftg
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocyok
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6650bbc554f20870c5556fe78410234

Headers

File Characteristics

Imports

kernel32

shlwapi

imm32

psapi

ole32

avicap32

winmm

shell32

msvcrt

user32

advapi32

gdi32

ws2_32

Exports

Exports

Sections

.guoc Size: 24KB - Virtual size: 67KB

.guocy Size: 1024B - Virtual size: 7KB

.guoc Size: 1024B - Virtual size: 1KB

guocy Size: - Virtual size: 4KB

.guocy Size: 3KB - Virtual size: 3KB

.rsrc Size: - Virtual size: 4KB

.edrftg Size: 2KB - Virtual size: 3KB

.guocyok Size: 3KB - Virtual size: 4KB

.guoc
Size: 24KB - Virtual size: 67KB

.guocy
Size: 1024B - Virtual size: 7KB

.guoc
Size: 1024B - Virtual size: 1KB

guocy
Size: - Virtual size: 4KB

.guocy
Size: 3KB - Virtual size: 3KB

.rsrc
Size: - Virtual size: 4KB

.edrftg
Size: 2KB - Virtual size: 3KB

.guocyok
Size: 3KB - Virtual size: 4KB