012e74f3c45ebdbd718af7825fa7f0a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

012e74f3c45ebdbd718af7825fa7f0a5_JaffaCakes118
Size

386KB
MD5

012e74f3c45ebdbd718af7825fa7f0a5
SHA1

352cdab5338931afc37f9944f278896e33dc5f78
SHA256

5a6264f33888ea34833e45e3b6b3c2a22fb01bf2e956789840b86ec7b8332438
SHA512

440eee4bcaf60d351a2f2608b8582dfedb08d1b1ef18f02ea501c9c8c311ece909c309ccd3797c87534fb942e81f0e583ba977c9785c7fed29cd12328a52f105
SSDEEP

6144:5l3F4O8iCSPnDmDvbXGFtv9cVs68ZV6kjEGTjX93eIb1AtcekihvGQ:DFXpDmDLDX86kj/NuQAkPQ

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
012e74f3c45ebdbd718af7825fa7f0a5_JaffaCakes118

Files

012e74f3c45ebdbd718af7825fa7f0a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72f8577f4311144f53af1bd738fb6e13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
wcscat
__set_app_type
_controlfp
_gmtime64
_itow
_wcslwr
strchr
_strlwr
_initterm
wcsncmp
memmove
free
modf
_memicmp
wcstoul
malloc
_XcptFilter
_wtoi64
strcmp
strcpy
wcsrchr
__wgetmainargs
_wcmdln
exit
_wcsupr
_cexit
_wcsnicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
_purecall
wcslen
wcscmp
abs
log
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
strlen
wcsncat
_snwprintf
_except_handler3
_exit
_c_exit
_onexit
__dllonexit
memchr
strftime
realloc

comctl32

ord17
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateToolbarEx
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

FindFirstUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW

kernel32

GetFullPathNameW
AreFileApisANSI
EnterCriticalSection
GetSystemTime
LockFileEx
FormatMessageA
GetSystemTimeAsFileTime
GetTempPathA
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
GetDiskFreeSpaceW
DeleteFileA
GetFullPathNameA
InitializeCriticalSection
GetModuleHandleA
GetStartupInfoW
FlushFileBuffers
QueryPerformanceCounter
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
GetSystemInfo
Sleep
GetDiskFreeSpaceA
CreateFileA
EnumResourceTypesW
CreateToolhelp32Snapshot
LocalFree
GetFileSize
SystemTimeToFileTime
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
CopyFileW
CreateFileW
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
FileTimeToSystemTime
GetTickCount
SetFilePointerEx
GetCurrentDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GlobalLock
GetFileTime
GetDateFormatW
FormatMessageW
GetTempFileNameW
GetVersionExW
FindClose
FindFirstFileW
GetModuleHandleW
GetTimeFormatW
SetFilePointer
GetWindowsDirectoryW
GetFileAttributesW
ReadFile
GetModuleFileNameW
WriteFile
LockResource
lstrcpyW
FindResourceW
lstrlenW
LoadResource
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GetTempPathW
FindNextFileW
SizeofResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
OpenProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
ReadProcessMemory
ExitProcess
SetCurrentDirectoryW
Process32FirstW
Process32NextW

user32

DrawTextExW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
GetKeyState
DispatchMessageW
TranslateMessage
IsDialogMessageW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
SetWindowTextW
SetDlgItemInt
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
SendDlgItemMessageW
GetDlgItemInt
EndDialog
SetWindowLongW
GetDlgItem
GetWindow
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPlacement
LoadImageW
LoadIconW
GetWindowLongW
SetFocus
KillTimer
GetParent
SetTimer
BeginDeferWindowPos
EndDeferWindowPos
GetMenuStringW
CheckMenuItem
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
GetCursorPos
SetClipboardData
EnableWindow
GetSysColor
MapWindowPoints
GetMenu
GetDC
GetSubMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetWindowTextW

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
SetTextColor
DeleteObject
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72f8577f4311144f53af1bd738fb6e13

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 270KB - Virtual size: 270KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 270KB - Virtual size: 270KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 51KB - Virtual size: 51KB