94413713779e6aefe1bfd89bab03ab4a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

94413713779e6aefe1bfd89bab03ab4a_JaffaCakes118
Size

322KB
MD5

94413713779e6aefe1bfd89bab03ab4a
SHA1

accf7f10824e9c1b74833b9df01c41e1c6418fc1
SHA256

c9fe245826fed144c9b261d86fa3901f290746672c5465de4e50bc1765b105ad
SHA512

f1ce4ad3899e167f1825abf538b4ce50349052a373c5c7155fb602c256e6dc8621b55caa2efe7d607cf2392e356a978f063cb31407d2f6b816d382a8f85f566b
SSDEEP

6144:/7lWnhIJymlIWnFKJASv2Q3wRZBXuxLHFhAtykihA:/o8yZgcXr3wRqzFPkv

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94413713779e6aefe1bfd89bab03ab4a_JaffaCakes118

Files

94413713779e6aefe1bfd89bab03ab4a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f85e88da76c4efb7cf662d3a474072bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb

Imports

msvcrt

exit
_wcmdln
__wgetmainargs
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
realloc
_gmtime64
_purecall
qsort
_itow
_wcsupr
_cexit
strchr
_strlwr
wcsncmp
free
modf
_memicmp
wcstoul
malloc
__dllonexit
strcpy
strcmp
_XcptFilter
_exit
_c_exit
_wcslwr
_onexit
wcsrchr
_wcsnicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
log
wcscmp
abs
wcslen
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
strlen
_snwprintf
wcscat
__set_app_type
_controlfp
_except_handler3
memchr
strftime
__p__fmode
__p__commode

comctl32

ord17
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetDiskFreeSpaceW
AreFileApisANSI
GetFullPathNameW
EnterCriticalSection
LockFileEx
FormatMessageA
GetTempPathA
GetSystemTimeAsFileTime
UnlockFileEx
GetTickCount
LockFile
FlushFileBuffers
UnlockFile
DeleteFileA
GetFullPathNameA
InitializeCriticalSection
CreateFileA
GetModuleHandleA
GetStartupInfoW
GetSystemTime
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
LeaveCriticalSection
CloseHandle
LocalFree
GetFileSize
SystemTimeToFileTime
CopyFileW
CreateFileW
FileTimeToLocalFileTime
DeleteFileW
WriteFile
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
CompareFileTime
GetCurrentDirectoryW
ExpandEnvironmentStringsW
MultiByteToWideChar
GlobalLock
FormatMessageW
FindClose
GetVersionExW
GetWindowsDirectoryW
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
ReadFile
SetFilePointer
GetModuleFileNameW
LockResource
lstrcpyW
lstrlenW
GlobalAlloc
FindResourceW
GlobalUnlock
LoadResource
GetTempPathW
LoadLibraryExW
FindNextFileW
SizeofResource
GetFileTime
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
GetCurrentProcessId
ExitProcess
GetCurrentProcess
ReadProcessMemory
SetCurrentDirectoryW
OpenProcess
EnumResourceTypesW
CreateFileMappingW
GetDiskFreeSpaceA
Sleep
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
SetEndOfFile

user32

GetDlgCtrlID
TrackPopupMenu
RegisterWindowMessageW
BeginDeferWindowPos
TranslateMessage
IsDialogMessageW
DrawTextExW
GetMessageW
PostQuitMessage
LoadCursorW
ChildWindowFromPoint
ShowWindow
SetCursor
GetSysColorBrush
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
UpdateWindow
GetClientRect
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
LoadImageW
LoadIconW
GetWindowLongW
SetFocus
GetMenuStringW
MoveWindow
CloseClipboard
GetMenuItemCount
CheckMenuItem
GetParent
GetCursorPos
GetSysColor
GetMenu
SetClipboardData
EnableWindow
GetSubMenu
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
DispatchMessageW
OpenClipboard
ModifyMenuW
GetMenuItemInfoW
GetClassNameW
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
SetWindowPos
GetWindowTextW
LoadMenuW
EndDeferWindowPos

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f85e88da76c4efb7cf662d3a474072bd

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 251KB - Virtual size: 251KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 21KB - Virtual size: 20KB

.text
Size: 251KB - Virtual size: 251KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 21KB - Virtual size: 20KB