PDB path: c:\Dokumente und Einstellungen\Thomas\Eigene Dateien\Visual Studio 2005\Projects\1337Proj\release\1337Proj.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 6a46f190e99be64c8c80d0b0d411ca39_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 6a46f190e99be64c8c80d0b0d411ca39_JaffaCakes118
Size: 492KB
MD5: 6a46f190e99be64c8c80d0b0d411ca39
SHA1: 4f1470c92146b789f6a08ec7ed11431627f9f72c
SHA256: b41563b486eb5836d23298641c0d1d024db1eef56905d963c267539fec3f9079
SHA512: e1b9b14b75c71df63b943134dbb93d40354803c12ce845c732e9a8a8a5a1c0f8a54e92d14da04190f8d01f680f79b930573b3c3c6d8c5d8e2756dbdeaa8ea051
SSDEEP: 6144:guVsxydauno27hlHk9obVyBXNsZkm6vkClI8UE9SoyQqwgi6l:gumLbUo9pwFErUE9Soy/wghl
Malware Config
Signatures
Detected Nirsoft tools (1 IoCs)
Free utilities often used by attackers which can steal passwords, product keys, etc.
resource: sample; yara_rule: Nirsoft
NirSoft MailPassView (1 IoCs)
Password recovery tool for various email clients
resource: sample; yara_rule: MailPassView
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 6a46f190e99be64c8c80d0b0d411ca39_JaffaCakes118
Files
6a46f190e99be64c8c80d0b0d411ca39_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
b3dd8af8d137ba7ebfd3d330e30b3c91
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetModuleHandleA
Sleep
OpenMutexA
GetModuleFileNameA
CreateMutexA
GetCurrentProcess
GetComputerNameA
CloseHandle
LoadLibraryA
GetProcAddress
GlobalAlloc
DuplicateHandle
FreeLibrary
SetEndOfFile
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLastError
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentDirectoryA
DeleteFileA
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
RtlUnwind
MultiByteToWideChar
ReadFile
SetFilePointer
RaiseException
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileW
user32
wsprintfA
LoadStringA
MessageBoxA
advapi32
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
wininet
InternetCloseHandle
InternetConnectA
FtpPutFileA
InternetOpenA
Sections
.text Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 296KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ