z:\Projects\VS2005\BulletsPassView\x64\Release\BulletsPassView.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: bulletspassview-x64/BulletsPassView.chm
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: bulletspassview-x64/BulletsPassView.chm
  Resource: win10v2004-20240709-en
Behavioral task: behavioral3
  Sample: bulletspassview-x64/BulletsPassView.exe
  Resource: win7-20240704-en
Behavioral task: behavioral4
  Sample: bulletspassview-x64/BulletsPassView.exe
  Resource: win10v2004-20240704-en
General
Target: 460079239b22a77ce404cb4dfe75258e_JaffaCakes118
Size: 60KB
MD5: 460079239b22a77ce404cb4dfe75258e
SHA1: 3b5816cc59060b0eb5b4ae883094523ea06fb6b6
SHA256: 80d72b9fb53888279f626e775c8ee7213bec04c690683759ed1c279a3807f938
SHA512: f1cf2032e496c66420c9d9f1365a03927cf15787b5e06170be74eea1879ac8c1348e3097d585eb72ccf3d2f85e757a5f23ba45b840bfb100fb40321a24af9125
SSDEEP: 1536:/GgZ89Z5ah5HRLRl+NP8L8NcOzzBddXZVV:/GgZ89W5HpcP8ImOf5fV
Malware Config
Signatures
Detected Nirsoft tools (1 IoC)
  Free utilities often used by attackers which can steal passwords, product keys, etc.
  resource: static1/unpack001/bulletspassview-x64/BulletsPassView.exe, yara_rule: Nirsoft
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: unpack001/bulletspassview-x64/BulletsPassView.exe
Files
460079239b22a77ce404cb4dfe75258e_JaffaCakes118.rar
  bulletspassview-x64/BulletsPassView.chm.chm
  bulletspassview-x64/BulletsPassView.exe.exe (windows:4 windows x64 arch:x64)
  fff4a06580cc5255c0127baacadf8da4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
strcpy
_purecall
_wcslwr
strlen
qsort
_itow
_wtoi
__setusermatherr
_commode
_fmode
__set_app_type
memcmp
wcstoul
wcsrchr
_memicmp
malloc
_wcsicmp
free
wcschr
modf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
wcscmp
wcscpy
memset
_snwprintf
wcscat
wcsncat
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ord17
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
CreateRemoteThread
EnumResourceTypesW
OpenProcess
GetCurrentProcess
GetCurrentProcessId
WriteProcessMemory
WaitForSingleObject
ResumeThread
VirtualFreeEx
Sleep
VirtualAllocEx
GetStartupInfoW
ExitProcess
ReadProcessMemory
SetErrorMode
DeleteFileW
CompareFileTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
lstrlenW
WideCharToMultiByte
LocalFree
lstrcpyW
LockResource
GlobalUnlock
GetDateFormatW
GetTempPathW
GetTempFileNameW
GlobalLock
SizeofResource
GetFileSize
FormatMessageW
GetLastError
GetVersionExW
GetModuleHandleW
GetTimeFormatW
GetFileAttributesW
WriteFile
ReadFile
GetModuleFileNameW
FindResourceW
LoadResource
CreateFileW
CloseHandle
LoadLibraryExW
GlobalAlloc
GetWindowsDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
user32
EnumWindows
SendMessageTimeoutW
PostQuitMessage
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
UpdateWindow
SetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
SetWindowTextW
SetDlgItemInt
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
LoadImageW
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
SetFocus
EmptyClipboard
EnableMenuItem
GetDC
ReleaseDC
MoveWindow
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
GetCursorPos
SetClipboardData
GetMenuStringW
EnableWindow
GetSysColor
MapWindowPoints
CloseClipboard
GetMenu
GetParent
GetWindowTextW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
SetWindowPos
DestroyWindow
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DestroyIcon
LoadIconW
GetMessageW
SetTimer
IsDialogMessageW
TranslateMessage
DrawTextExW
DispatchMessageW
EndDeferWindowPos
BeginDeferWindowPos
KillTimer
RegisterWindowMessageW
TrackPopupMenu
gdi32
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
SelectObject
comdlg32
FindTextW
GetSaveFileNameW
shell32
ShellExecuteW
SHGetFileInfoW
ole32
CoUninitialize
CoCreateInstance
CoInitialize
oleaut32
SysFreeString
Sections
.text  Size: 56KB - Virtual size: 56KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 15KB - Virtual size: 15KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 1024B - Virtual size: 6KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.pdata Size: 2KB - Virtual size: 2KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.rsrc  Size: 9KB - Virtual size: 9KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
bulletspassview-x64/readme.txt