2738036199479faa479afb7821468d8b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2738036199479faa479afb7821468d8b_JaffaCakes118
Size

110KB
MD5

2738036199479faa479afb7821468d8b
SHA1

bbe8a0f4f30dc8654c293c938dd22b8a2338f749
SHA256

fa2078f9586cb2bc09912deea55678b075471ca66662c3f6af67b72a664a6a47
SHA512

0ce1dbca8a0a52601f0f29f46a993db0911502b3085ea83b6d5a4de0dc8cea23e0ce3cfc5fb96a726ab58d600b58d4123b6bd12049033df03a5bba1e06e664b6
SSDEEP

3072:QZj3ZnaUDZ4n/p/l4WbUzYI1e6uH5cuhfTG7U8id:4jpnaE4/pCWZTXd

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2738036199479faa479afb7821468d8b_JaffaCakes118

Files

2738036199479faa479afb7821468d8b_JaffaCakes118
.exe windows:4 windows x64 arch:x64

d3770b81e9d69330f8f51902df682a68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\ProduKey\x64\Release\ProduKey.pdb

Imports

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

msvcrt

_exit
_cexit
exit
_acmdln
qsort
_strlwr
_purecall
_itoa
malloc
_c_exit
strtoul
strcmp
_memicmp
strchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_stricmp
_XcptFilter
__C_specific_handler
__dllonexit
_onexit
free
strrchr
_strcmpi
memcpy
strlen
atof
memcmp
atoi
_strnicmp
_mbsicmp
memset
strcpy
strcat
strncat
sprintf
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type

comctl32

ImageList_SetImageCount
CreateToolbarEx
ord6
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

ws2_32

gethostbyname
WSACleanup
WSAStartup
gethostbyaddr
closesocket
WSASetLastError
htons
WSAGetLastError
connect
WSAAsyncSelect

kernel32

OpenProcess
CreateThread
ResumeThread
ExitProcess
GetCurrentProcessId
ReadProcessMemory
SetErrorMode
DeleteFileA
GetStdHandle
GetPrivateProfileIntA
GetStartupInfoA
FindFirstFileA
LoadLibraryExA
EnumResourceNamesA
WritePrivateProfileStringA
MultiByteToWideChar
LocalFree
GetSystemDirectoryA
GetTempPathA
ReadFile
CloseHandle
GetTimeFormatA
GlobalLock
GetVersionExA
FindClose
GetFileAttributesA
GetTempFileNameA
GlobalAlloc
FileTimeToLocalFileTime
GetDriveTypeA
WideCharToMultiByte
GetPrivateProfileStringA
Sleep
GetCurrentProcess
CompareFileTime
GetLogicalDrives
GetComputerNameA
FreeLibrary
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
GetModuleHandleA
FormatMessageA
CreateFileA
GetFileSize
GetWindowsDirectoryA
GetModuleFileNameA
GlobalUnlock
FindNextFileA
GetDateFormatA
WriteFile
GetLastError

user32

EndDeferWindowPos
RegisterWindowMessageA
GetMessageA
GetWindowTextA
GetMenuItemInfoA
GetFocus
DestroyWindow
CreateDialogParamA
DestroyMenu
GetDlgCtrlID
DialogBoxParamA
LoadStringA
KillTimer
TrackPopupMenu
BeginDeferWindowPos
PostQuitMessage
TranslateMessage
EnumChildWindows
OpenClipboard
DispatchMessageA
SetTimer
IsDialogMessageA
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
GetDlgItemTextA
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
SetDlgItemTextA
UpdateWindow
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
LoadImageA
LoadIconA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
MoveWindow
GetCursorPos
GetDC
CheckMenuItem
GetSysColor
SetClipboardData
EnableWindow
EmptyClipboard
GetClientRect
MapWindowPoints
EnableMenuItem
ReleaseDC
ModifyMenuA
GetClassNameA
CloseClipboard
GetParent
GetMenuItemCount
GetMenuStringA
GetSubMenu
GetMenu
LoadMenuA
DeferWindowPos

gdi32

GetTextExtentPoint32A
SetBkColor
GetStockObject
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

GetOpenFileNameA
FindTextA
GetSaveFileNameA

advapi32

RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegConnectRegistryA
RegQueryValueExA
RegUnLoadKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegLoadKeyA

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3770b81e9d69330f8f51902df682a68

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpr

msvcrt

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 17KB - Virtual size: 16KB