2522c82740c9e444b9cd47678ba63a04_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2522c82740c9e444b9cd47678ba63a04_JaffaCakes118
Size

450KB
MD5

2522c82740c9e444b9cd47678ba63a04
SHA1

daba44758b90a6bed4a4773ba4b13a341dfaf379
SHA256

df3160152d26e0ec42ac3c222ef3df5af67610ecdb1037daa6afb74d3c53ade9
SHA512

d7b0a8fc8fa19e46d883c456bd3b481df74290198e73921741b51123e1f5e1b413ac6240371becc122ef3d8dcf5ea40cb8aec976ea35813a221ab005ac8ed3fb
SSDEEP

12288:NSsP4Wry0xlYqrUO74Yl3CuvSL8iQXc6+dwDpI:0sgWrygSIcSWL8ioc6k

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2522c82740c9e444b9cd47678ba63a04_JaffaCakes118

Files

2522c82740c9e444b9cd47678ba63a04_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b32c6be6f9a39e7b03434ea78259f2d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\SafariCacheView\Release\SafariCacheView.pdb

Imports

comctl32

CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
CreateToolbarEx
ord17

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

WideCharToMultiByte
GetTempPathW
GetLocaleInfoW
GetLastError
CreateDirectoryW
SizeofResource
GlobalLock
GetCommandLineW
FormatMessageW
GetVersionExW
GetDateFormatW
GetTempFileNameW
GetTimeFormatW
GetModuleHandleW
GetFileAttributesW
GetWindowsDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
DeleteFileW
ReadProcessMemory
GetCurrentProcessId
ExitProcess
GetCurrentProcess
TerminateProcess
OpenProcess
EnumResourceTypesW
GetFullPathNameW
GetSystemTimeAsFileTime
FlushFileBuffers
GetFullPathNameA
FormatMessageA
GetFileAttributesExW
DeleteCriticalSection
InitializeCriticalSection
CreateFileA
LockFileEx
MapViewOfFile
UnmapViewOfFile
EnterCriticalSection
SetEndOfFile
GetTempPathA
GetDiskFreeSpaceW
Sleep
GetSystemTime
LoadLibraryA
AreFileApisANSI
DeleteFileA
QueryPerformanceCounter
LeaveCriticalSection
LoadLibraryExW
CreateFileMappingW
InterlockedCompareExchange
UnlockFile
GetDiskFreeSpaceA
LockFile
GetSystemInfo
GetTickCount
UnlockFileEx
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetModuleFileNameA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RaiseException
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
GlobalUnlock
LoadResource
GlobalAlloc
FindResourceW
lstrlenW
MultiByteToWideChar
lstrcpyW
LockResource
GetNumberFormatW
CreateFileW
WriteFile
LocalFree
GetModuleFileNameW
ReadFile
SetFileTime
SetFilePointer
GetProcAddress
FileTimeToSystemTime
LoadLibraryW
FreeLibrary
CompareFileTime
FileTimeToLocalFileTime
SystemTimeToFileTime
CloseHandle
GetFileSize
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileAttributesA

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
LoadIconW
DestroyIcon
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
GetWindowTextW
GetDesktopWindow
SetWindowPos
LoadStringW
EnumChildWindows
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorW
DestroyWindow
CreateDialogParamW
DialogBoxParamW
DestroyMenu
GetDlgCtrlID
CheckMenuItem
CloseClipboard
GetMenuItemCount
GetMenuStringW
IsDialogMessageW
TranslateMessage
DrawTextExW
DispatchMessageW
PeekMessageW
GetSysColorBrush
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
MoveWindow
OpenClipboard
GetClassNameW
ReleaseDC
EmptyClipboard
GetDC
GetSubMenu
GetMenu
MapWindowPoints
EnableWindow
SetClipboardData
GetSysColor
GetParent
GetCursorPos
SetFocus
BeginDeferWindowPos
EndDeferWindowPos
GetWindowLongW
LoadImageW
LoadAcceleratorsW
GetWindowPlacement
SetMenu
MessageBoxW
RegisterClassW
SetWindowPlacement
SendMessageW
TranslateAcceleratorW
DefWindowProcW
PostMessageW
GetClientRect
UpdateWindow
BeginPaint
SetWindowTextW
SetDlgItemInt
DrawFrameControl
GetWindow
InvalidateRect
GetDlgItem
EndPaint
SetWindowLongW
EndDialog
SendDlgItemMessageW
GetDlgItemInt
GetWindowRect
EnableMenuItem

gdi32

GetDeviceCaps
GetTextExtentPoint32W
GetStockObject
SetBkColor
SelectObject
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b32c6be6f9a39e7b03434ea78259f2d2

Headers

File Characteristics

PDB Paths

Imports

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 372KB - Virtual size: 371KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 9KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 372KB - Virtual size: 371KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 9KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 15KB