3ecde01c966289d0066354588aaba6c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ecde01c966289d0066354588aaba6c4_JaffaCakes118
Size

314KB
MD5

3ecde01c966289d0066354588aaba6c4
SHA1

37f29c113604ed140d3b2ae42f53261bd56a5df2
SHA256

19b407a14e315608404342c7a663fcd1cfeb789c22001d7f2a37d950bed71c93
SHA512

b92674d257f3fdc453ab00ff7ddda1863201daab49a9ed92fe5487f641e8297ead7085e0c547b13d9d42612631e6c81d566ed615a411a882e0e6873a22f33d11
SSDEEP

6144:jXSYdvy0RL7mRn9S7zPiiZv+jgWs+/I+1gjAtgkihe:jXSuZLykf3v+jBsi1gTkx

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ecde01c966289d0066354588aaba6c4_JaffaCakes118

Files

3ecde01c966289d0066354588aaba6c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65d1b1de6af8e4cfc3f0920cb8d513df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb

Imports

msvcrt

__wgetmainargs
_initterm
wcsncat
__setusermatherr
_adjust_fdiv
memchr
strftime
realloc
_gmtime64
qsort
_purecall
_itow
_strlwr
_wcmdln
_wcslwr
strchr
wcsncmp
_wcsicmp
malloc
wcschr
free
_c_exit
modf
_exit
exit
_cexit
_XcptFilter
_wcsupr
_wtoi
_memicmp
wcstoul
strcmp
strcpy
_wcsnicmp
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
wcslen
memcpy
wcscpy
memset
strlen
_snwprintf
wcscat
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
wcscmp
__p__fmode
__p__commode

comctl32

ord17
ImageList_AddMasked
ImageList_Create
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

DeleteFileA
GetDiskFreeSpaceW
AreFileApisANSI
EnterCriticalSection
GetSystemTime
LockFileEx
FormatMessageA
GetTempPathA
GetSystemTimeAsFileTime
UnlockFileEx
GetTickCount
GetFullPathNameA
InitializeCriticalSection
CreateFileA
CreateFileMappingW
GetModuleHandleA
GetStartupInfoW
GetFullPathNameW
LockFile
FlushFileBuffers
UnlockFile
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
CopyFileW
CreateFileW
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
LocalFree
SystemTimeToFileTime
WriteFile
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
GetFileSize
GetCurrentDirectoryW
ExpandEnvironmentStringsW
CompareFileTime
MultiByteToWideChar
GetTempFileNameW
GetWindowsDirectoryW
GetFileAttributesW
FindFirstFileW
GetModuleHandleW
SetFilePointer
ReadFile
GetModuleFileNameW
LockResource
lstrcpyW
lstrlenW
FindResourceW
GlobalAlloc
GlobalUnlock
LoadResource
GetTempPathW
LoadLibraryExW
FindNextFileW
SizeofResource
GetFileTime
GlobalLock
FormatMessageW
FindClose
GetVersionExW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
ReadProcessMemory
GetCurrentProcessId
ExitProcess
GetCurrentProcess
SetCurrentDirectoryW
OpenProcess
EnumResourceTypesW
GetDiskFreeSpaceA
Sleep
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
SetEndOfFile
LeaveCriticalSection
GetFileAttributesA
QueryPerformanceCounter

user32

LoadStringW
GetMessageW
PostQuitMessage
DispatchMessageW
EndDeferWindowPos
TrackPopupMenu
RegisterWindowMessageW
SetCursor
GetSysColorBrush
LoadCursorW
ChildWindowFromPoint
ShowWindow
SetDlgItemInt
SetWindowTextW
UpdateWindow
GetClientRect
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
InvalidateRect
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
SetMenu
GetWindowPlacement
LoadImageW
LoadIconW
GetWindowLongW
SetFocus
GetMenuItemCount
CloseClipboard
CheckMenuItem
GetParent
GetCursorPos
GetSysColor
SetClipboardData
GetMenu
EnableWindow
MapWindowPoints
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
BeginDeferWindowPos
MoveWindow
CreateDialogParamW
DestroyWindow
EnumChildWindows
SetWindowPos
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
DrawTextExW
IsDialogMessageW
TranslateMessage

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject

comdlg32

GetOpenFileNameW
FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65d1b1de6af8e4cfc3f0920cb8d513df

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 246KB - Virtual size: 245KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 246KB - Virtual size: 245KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 19KB - Virtual size: 19KB