0809eb81c3d061d637df4ca6f3ae62fb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0809eb81c3d061d637df4ca6f3ae62fb_JaffaCakes118
Size

97KB
MD5

0809eb81c3d061d637df4ca6f3ae62fb
SHA1

52babe0988d80ad24c993dff81f56b99dcc0e9f3
SHA256

95a2bb0edbb1bf20d3a561f2df135e568353eae813ce6c1eed909d04900d416f
SHA512

c05aa70d95bdf2cf5e2a76b3fcdd083a6869b614ae3bf157ecf2bc7f7338d25f6cb4745d4df1788fa7caf54f379e870d5deb9ef88438ea831d70779c78a8d831
SSDEEP

3072:ulftMvrmBbXT06tRJvI4CSTHsdK6IForlC3NGLL6:ulEraL75IATHsEpForlA

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0809eb81c3d061d637df4ca6f3ae62fb_JaffaCakes118

Files

0809eb81c3d061d637df4ca6f3ae62fb_JaffaCakes118
.exe windows:4 windows x64 arch:x64

5f7f7467d439577ade5a4fa9340b5104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\Projects\VS2005\dllexp\x64\Release\dllexp.pdb

Imports

comctl32

ord6
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
ord17
CreateToolbarEx
ImageList_ReplaceIcon

msvcrt

_XcptFilter
_c_exit
_strlwr
_itoa
_mbsicmp
__C_specific_handler
free
memcmp
strtoul
strcmp
_stricmp
_memicmp
strrchr
_onexit
__dllonexit
atol
malloc
qsort
_strcmpi
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
_purecall
_snprintf
atoi
strchr
strlen
strcpy
memset
strcat
_exit
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
sprintf
strncat

kernel32

CloseHandle
GetStartupInfoA
OpenProcess
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
DeleteFileA
GetStdHandle
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
FreeLibrary
ReadFile
GetTempPathA
GetSystemDirectoryA
LocalFree
FormatMessageA
GetModuleFileNameA
CreateFileA
GetWindowsDirectoryA
FindNextFileA
GetFileSize
GlobalUnlock
GetModuleHandleA
WriteFile
LoadLibraryExA
SetFilePointer
FindFirstFileA
GetLastError
GlobalAlloc
GetTempFileNameA
FindClose
GetFileAttributesA
GetVersionExA
GlobalLock

user32

OpenClipboard
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
SetDlgItemInt
BeginPaint
GetWindow
SetDlgItemTextA
GetClientRect
DrawFrameControl
GetDlgItemTextA
RegisterWindowMessageA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
EndDialog
GetDlgItemInt
GetDlgItem
CreateWindowExA
EndPaint
InvalidateRect
RegisterClassA
UpdateWindow
SetWindowPlacement
PostMessageA
SetMenu
LoadAcceleratorsA
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
TranslateMessage
PeekMessageA
LoadImageA
LoadIconA
DispatchMessageA
GetWindowLongA
SetWindowLongA
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetMenuItemCount
GetSubMenu
GetMenuStringA
GetMenu
GetCursorPos
MoveWindow
GetDC
CheckMenuItem
SetClipboardData
EmptyClipboard
EnableWindow
EnableMenuItem
MapWindowPoints
ReleaseDC
SetWindowTextA
GetClassNameA
CloseClipboard
LoadMenuA
GetParent
ModifyMenuA
DialogBoxParamA
LoadStringA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
EnumChildWindows
GetMenuItemInfoA
DestroyWindow
SetWindowPos
GetWindowTextA
GetFocus
TrackPopupMenu
PostQuitMessage
IsDialogMessageA
GetMessageA

gdi32

SetBkColor
SetBkMode
GetStockObject
GetTextExtentPoint32A
DeleteObject
GetDeviceCaps
SetTextColor
CreateFontIndirectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA

shell32

ShellExecuteExA
ShellExecuteA
DragQueryFileA
DragAcceptFiles
DragFinish

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
LoadTypeLi

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f7f7467d439577ade5a4fa9340b5104

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 13KB - Virtual size: 13KB