41670b5de2bc3e25f1db769170e4711c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41670b5de2bc3e25f1db769170e4711c_JaffaCakes118
Size

69KB
MD5

41670b5de2bc3e25f1db769170e4711c
SHA1

d831b489e4753341c23ff5042dc1d8c02f123f57
SHA256

7a811e7e8124ead14240c03e76d824adfadef7eead5b1d207e79ac7f14b59e09
SHA512

61ba21f78ec1f22ddd61d82932bb3f4cea41f121f3a93b16d85f5b18c205ce341b1452766a4d9b02cc4992e7857aefe2eb4bf531d065b74b43151dae707f3a0c
SSDEEP

1536:sBdENEgCREvOcAeAht/bxcD9b3TXvZtLYMRwArtW3osmUn:AEN5bRDE9xebDRtLYM1hQWUn

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/BulletsPassView.exe	Nirsoft

Files

41670b5de2bc3e25f1db769170e4711c_JaffaCakes118
.zip
BulletsPassView.chm
.chm
BulletsPassView.exe
.exe windows:4 windows x64 arch:x64

569268acae49b073e0ccf59bb9d69615

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:a1:b6:fd:ef:64:ce:73:5a:84:1d:0e:58:c9:9f:eb:86:c8:a1:e5
Signer

Actual PE Digest

78:a1:b6:fd:ef:64:ce:73:5a:84:1d:0e:58:c9:9f:eb:86:c8:a1:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\BulletsPassView\x64\Release\BulletsPassView.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
strcpy
_wcslwr
strlen
qsort
_purecall
_itow
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_memicmp
malloc
_wcsicmp
free
wcschr
modf
_wtoi
memcmp
wcstoul
wcsrchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcslen
memcpy
wcscmp
wcscpy
memset
_snwprintf
wcscat
wcsncat

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ord17

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

OpenProcess
CreateRemoteThread
EnumResourceTypesW
ReadProcessMemory
GetCurrentProcess
WaitForSingleObject
ResumeThread
VirtualFreeEx
Sleep
VirtualAllocEx
WriteProcessMemory
GetStartupInfoW
LoadLibraryW
GetCurrentProcessId
ExitProcess
DeleteFileW
SetErrorMode
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CompareFileTime
FileTimeToSystemTime
GetProcAddress
FreeLibrary
FormatMessageW
GetLastError
GetVersionExW
GetModuleHandleW
GetTimeFormatW
GetFileAttributesW
WriteFile
ReadFile
FindResourceW
GetModuleFileNameW
LoadResource
CreateFileW
LoadLibraryExW
GlobalAlloc
CloseHandle
GetWindowsDirectoryW
WideCharToMultiByte
lstrlenW
LocalFree
lstrcpyW
LockResource
GlobalUnlock
GetDateFormatW
GetTempFileNameW
GetTempPathW
GlobalLock
SizeofResource
GetFileSize
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle

user32

EnumWindows
SendMessageTimeoutW
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
UpdateWindow
SetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
SetWindowTextW
SetDlgItemInt
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowThreadProcessId
MessageBeep
LoadImageW
GetWindowLongW
SetWindowLongW
SetFocus
CheckMenuItem
GetMenuItemCount
GetCursorPos
SetClipboardData
EnableWindow
GetSysColor
GetMenuStringW
MapWindowPoints
CloseClipboard
GetMenu
EmptyClipboard
GetParent
EnableMenuItem
ReleaseDC
GetDC
MoveWindow
OpenClipboard
GetClassNameW
GetSubMenu
GetWindowTextW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
LoadMenuW
LoadIconW
DestroyIcon
BeginDeferWindowPos
KillTimer
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
SetTimer
IsDialogMessageW
DispatchMessageW
TranslateMessage
DrawTextExW
EndDeferWindowPos
SetForegroundWindow

gdi32

CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor
SetBkColor
GetStockObject
GetTextExtentPoint32W
SelectObject
GetDeviceCaps

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

569268acae49b073e0ccf59bb9d69615

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

78:a1:b6:fd:ef:64:ce:73:5a:84:1d:0e:58:c9:9f:eb:86:c8:a1:e5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 9KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

78:a1:b6:fd:ef:64:ce:73:5a:84:1d:0e:58:c9:9f:eb:86:c8:a1:e5
Signer

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 9KB