bb4f9638dcfd17279a5d315ef8093511_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bb4f9638dcfd17279a5d315ef8093511_JaffaCakes118
Size

311KB
MD5

bb4f9638dcfd17279a5d315ef8093511
SHA1

a299952df069203f18ff4ffd2b9daf2f1d039a9e
SHA256

a87651cf3ffd7550018294c1b6a5c987f7f8bf29e205b82b31a76f518050b3fd
SHA512

2e49f39edcb066cc5736c030af85d9fec24f3bf3ba95ebe8dd6fdb1a858d9587e4931ee2d659b9929650f8cbad6a00e512bd904cfd9796b1f9632296748f9a61
SSDEEP

6144:LqGrfycuzMMN+3ORXCUHn3hkoOjuO4PdDP/g/Jzz2p:xxMNKOgw3sjuVdQBGp

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/PasswordScan.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PasswordScan.exe

Files

bb4f9638dcfd17279a5d315ef8093511_JaffaCakes118
.zip
PasswordScan.chm
.chm
PasswordScan.exe
.exe windows:4 windows x64 arch:x64

5b031b0d6806546a18d1828b7e261265

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_onexit
__dllonexit
_purecall
modf
wcstoul
__set_app_type
_wcsupr
_wcslwr
strchr
_memicmp
memmove
_initterm
_wtoi64
_wcsnicmp
??2@YAPEAX_K@Z
__setusermatherr
_fmode
wcsncat
_commode
_strlwr
??3@YAXPEAX@Z
strftime
realloc
malloc
free
_gmtime64
_wtoi
_wcsicmp
wcschr
_itow
wcsrchr
_snwprintf
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
wcsncmp
_XcptFilter
memcmp
memset
memcpy
log

comctl32

ord17
ImageList_AddMasked
ImageList_Create
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

FindFirstUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW

kernel32

VirtualFreeEx
WaitForSingleObject
LocalAlloc
CreateToolhelp32Snapshot
Process32NextW
WriteProcessMemory
ResumeThread
CreateRemoteThread
EnumResourceTypesW
GetComputerNameW
GetStartupInfoW
VirtualAllocEx
Process32FirstW
ReadProcessMemory
ExitProcess
SetErrorMode
GetStdHandle
SetFilePointerEx
lstrcpyW
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
LocalFree
CopyFileW
CreateFileW
SystemTimeToFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetFileSize
CreateFileA
LockFileEx
EnterCriticalSection
GetCurrentProcessId
SetFilePointer
WideCharToMultiByte
GetDiskFreeSpaceW
GetTempPathA
MapViewOfFile
UnmapViewOfFile
Sleep
GetSystemTime
SetEndOfFile
AreFileApisANSI
FormatMessageW
DeleteFileA
GetVersionExW
CreateFileMappingW
QueryPerformanceCounter
LeaveCriticalSection
GetFileAttributesA
GetDiskFreeSpaceA
GetFileAttributesW
UnlockFile
GetSystemInfo
ReadFile
LockFile
GetTickCount
UnlockFileEx
FlushFileBuffers
GetSystemTimeAsFileTime
GetTempPathW
GetFileAttributesExW
FormatMessageA
GetFullPathNameW
DeleteCriticalSection
GetFullPathNameA
WriteFile
GetLastError
InitializeCriticalSection
ExpandEnvironmentStringsW
FindFirstFileW
FindClose
FindNextFileW
GetCurrentProcess
OpenProcess
DuplicateHandle
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetModuleHandleW
GetTempFileNameW
GetModuleFileNameW
LockResource
lstrlenW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
FindResourceW
LoadResource
LoadLibraryExW
SizeofResource
GlobalLock
GetWindowsDirectoryW

user32

PeekMessageW
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
DrawTextExW
SetCursor
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadCursorW
SetWindowTextW
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
GetWindowRect
EndDialog
GetDlgItemInt
GetDlgItem
InvalidateRect
GetWindow
SetDlgItemInt
SetWindowPlacement
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
TranslateAcceleratorW
LoadIconW
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
GetParent
BeginDeferWindowPos
SetTimer
EndDeferWindowPos
KillTimer
ModifyMenuW
GetDlgCtrlID
GetMenuItemInfoW
DestroyMenu
GetMenuItemCount
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
SetWindowPos
GetDesktopWindow
DestroyWindow
GetClassNameW
GetWindowTextW
LoadMenuW
GetCursorPos
CheckMenuItem
GetSysColor
GetMenu
GetSubMenu
SetClipboardData
EnableWindow
GetDC
MapWindowPoints
EmptyClipboard
EnableMenuItem
ReleaseDC
OpenClipboard
CloseClipboard
GetMenuStringW
MoveWindow
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage

gdi32

GetStockObject
GetDeviceCaps
SelectObject
CreateFontIndirectW
SetBkMode
SetTextColor
DeleteObject
GetTextExtentPoint32W
SetBkColor

comdlg32

FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
RegSetValueExW
RegEnumKeyExW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

5b031b0d6806546a18d1828b7e261265

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 454KB - Virtual size: 453KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 8KB - Virtual size: 26KB

.pdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 454KB - Virtual size: 453KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 8KB - Virtual size: 26KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 25KB - Virtual size: 25KB