Static task: static1
Behavioral task: behavioral1 (Sample: config.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: config.exe, Resource: win10v2004-20240802-en)
Behavioral task: behavioral3 (Sample: keylogger.exe, Resource: win7-20240903-en)
Behavioral task: behavioral4 (Sample: keylogger.exe, Resource: win10v2004-20240802-en)
General
Target: 1797a3f376a02bb4a7a71ae2b8e5d884_JaffaCakes118
Size: 29KB
MD5: 1797a3f376a02bb4a7a71ae2b8e5d884
SHA1: 6f59c60c12bd4c144dd2584a3adf69f7ce50c133
SHA256: f52dfbd405712e22c745798cde84b8720b434e52217d64bd67b926c320456998
SHA512: 0d0f3ff34fcf4195d7a16961793ae7cafa55d6a2e1e244e9c9e5af67c4ebede22674fc83d79217f5477e012bf2acfabdd76c68201675ef3f80192d8b36c0d06e
SSDEEP: 768:Fh7s9AMVXNrLw0u4a/2J2YSczNKdOnlgSTZT/:3OXVw141J27c5KdMBr
Malware Config
Signatures
Unsigned PE (2 IoCs)
Checks for missing Authenticode signature.
resource: unpack002/config.exe, unpack002/keylogger.exe
Files
1797a3f376a02bb4a7a71ae2b8e5d884_JaffaCakes118.eml
email-plain-1.txt
keyspy_bin.rar.zip
config.exe.exe windows:4 windows x86 arch:x86
43de69efece3290cd4c6721c62bd2091
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateThread
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
ExitProcess
HeapSize
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
TlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetLastError
TlsAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetLocaleInfoA
GetACP
GetOEMCP
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
user32
DialogBoxParamA
GetDlgItemTextA
MessageBoxA
SetDlgItemTextA
comdlg32
GetOpenFileNameA
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
keylogger.exe.exe windows:4 windows x86 arch:x86
6e12e7d99403aa32668a22a58bf7f008
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
socket
send
WSAStartup
connect
htons
recv
inet_ntoa
closesocket
gethostbyname
inet_addr
kernel32
GetVersion
GetCurrentProcessId
CreateThread
GetModuleFileNameA
CreateFileA
lstrcatA
GetSystemDirectoryA
DeleteFileA
CloseHandle
ReadFile
lstrlenA
GetProcAddress
LoadLibraryA
Sleep
GetFileSize
WriteFile
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
OpenProcess
GetModuleHandleA
CopyFileA
user32
SetWindowsHookExA
wsprintfA
advapi32
RegCreateKeyA
RegSetValueExA
RegDeleteValueA
RegCloseKey
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE