735616922c8f6d12c77fe8380cc45c63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

735616922c8f6d12c77fe8380cc45c63_JaffaCakes118
Size

86KB
MD5

735616922c8f6d12c77fe8380cc45c63
SHA1

3df75d21ea44ab9effa10578538aebc91d411245
SHA256

22cde70dee00d2f5071739d89658114e0cadf7f7fbf742e7b60931625f88df78
SHA512

6b67fde6c19d5074c046e9e78051cc2c47133a522d655befa70b7af450c5c693fb81c25e15060ed45fcfad24fdebd026d9fc3b4604f1d7488debd02885dacc82
SSDEEP

1536:byw+QKxr7LVOHk3Rtuqx0V6cAiDUbbACR+ncvR+4kIhxzsmM6JFma:mwdKOHAPq9W58cvRkIHomM6JFma

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
735616922c8f6d12c77fe8380cc45c63_JaffaCakes118

Files

735616922c8f6d12c77fe8380cc45c63_JaffaCakes118
.exe windows:4 windows x64 arch:x64

dbc815cacc53a8fde48e8b30ba93342c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ImageList_Create
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateToolbarEx
ord6
ord17

msvcrt

_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_strlwr
_itoa
atoi
strcmp
_memicmp
strchr
strrchr
malloc
free
__getmainargs
_initterm
__setusermatherr
modf
memcmp
strtoul
_ultoa
strlen
wcslen
strcpy
??3@YAXPEAX@Z
_purecall
??2@YAPEAX_K@Z
memset
_strcmpi
memcpy
strcat
strncat
sprintf
_commode
_fmode
__set_app_type

kernel32

OpenProcess
GetModuleHandleA
WriteProcessMemory
GetStartupInfoA
FreeLibrary
ReadProcessMemory
GetCurrentProcess
ExitProcess
DeleteFileA
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrlenA
GetModuleFileNameA
WriteFile
GetCurrentProcessId
GlobalUnlock
GetProcAddress
GlobalLock
LoadLibraryA
WideCharToMultiByte
GetLocaleInfoA
GetLastError
LoadLibraryExA
GlobalAlloc
GetTempFileNameA
GetFileAttributesA
GetVersionExA
CloseHandle
ReadFile
GetTempPathA
CreateFileA
GetNumberFormatA
LocalFree
GetFileSize
FormatMessageA
GetWindowsDirectoryA
lstrcpyA

user32

UpdateWindow
LoadImageA
GetWindowTextLengthA
GetMessageA
SetTimer
ReleaseCapture
GetSystemMetrics
GetWindowPlacement
IsDialogMessageA
TranslateMessage
EndDeferWindowPos
PostQuitMessage
TrackPopupMenu
SetCapture
RegisterClassA
BeginDeferWindowPos
CreateWindowExA
EndDialog
SendMessageA
LoadCursorA
GetDlgItem
SetWindowTextA
ChildWindowFromPoint
GetSysColorBrush
SetCursor
SetDlgItemTextA
MessageBoxA
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
EnumWindows
IsWindowVisible
RegisterWindowMessageA
LoadIconA
EnumChildWindows
SendMessageTimeoutA
GetWindowLongA
SetWindowLongA
SendDlgItemMessageA
GetDlgItemInt
InvalidateRect
SetDlgItemInt
SetFocus
SetClipboardData
EnableWindow
EmptyClipboard
MapWindowPoints
EnableMenuItem
GetClientRect
ReleaseDC
OpenClipboard
GetWindowRect
ScreenToClient
CloseClipboard
GetMenuItemCount
MoveWindow
GetMenuStringA
GetSubMenu
GetMenu
GetCursorPos
CheckMenuItem
GetDC
LoadMenuA
GetParent
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
DestroyWindow
GetMenuItemInfoA
SetWindowPos
DestroyIcon
DeferWindowPos
WindowFromPoint
DispatchMessageA
PostMessageA
SetMenu
ShowWindow
LoadAcceleratorsA
GetSysColor
GetFocus
DefWindowProcA
TranslateAcceleratorA
KillTimer

gdi32

PatBlt
SelectObject
GetDeviceCaps
CreateFontIndirectA
SetBkColor
SetBkMode
DeleteObject
SetTextColor
CreateSolidBrush

comdlg32

FindTextA
GetSaveFileNameA

advapi32

RegDeleteKeyA

shell32

ExtractIconExA
ShellExecuteA

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitialize
GetHGlobalFromStream

oleaut32

SysFreeString

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbc815cacc53a8fde48e8b30ba93342c

Headers

DLL Characteristics

File Characteristics

Imports

version

comctl32

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 13KB - Virtual size: 13KB