PDB path: f:\Projects\VS2005\WebSiteSniffer\Release\WebSiteSniffer.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: cee3556deadc93a937afc3d38a3c09b5_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: cee3556deadc93a937afc3d38a3c09b5_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: cee3556deadc93a937afc3d38a3c09b5_JaffaCakes118
- Size: 123KB
- MD5: cee3556deadc93a937afc3d38a3c09b5
- SHA1: 0ffed8d194d5729826c53b84b3f4253824ef2345
- SHA256: 4f8a30955915e2a812de3ec6a57eb29e6516fd369de723596d1109acec5492df
- SHA512: e6d0cee303c82c79f7b11964499d3f3867f277119fecde0b0efe6531fbbf7a28efe04c21308793cabc9081d2a4a706369ae6d3e861078472c1d1d369b362d387
- SSDEEP: 3072:3FPKf3tCMQaLnqcjZbkIToYieJwYadQMBEfB:VS5hXoTeidQb
Malware Config
Signatures
- Detected Nirsoft tools (1 IoC)
  Free utilities often used by attackers which can steal passwords, product keys, etc.
  resource: sample; yara_rule: Nirsoft
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: cee3556deadc93a937afc3d38a3c09b5_JaffaCakes118
Files
- cee3556deadc93a937afc3d38a3c09b5_JaffaCakes118.exe windows:4 windows x86 arch:x86
  08ff1adb2434b22e29009b647f6e23fc
Headers
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
- msvcrt: _except_handler3, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _snwprintf, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _onexit, fopen, fread, fprintf, sprintf, strlen, malloc, _ultow, wcscmp, wcschr, free, modf, _memicmp, wcstoul, _wtoi, wcsrchr, strtoul, _itow, _wcsnicmp, memcmp, strcpy, ??2@YAPAXI@Z, __dllonexit, _purecall, _wcslwr, qsort, ??3@YAXPAX@Z, wcslen, memcpy, _wcsicmp, wcscpy, memset, strcmp, _stricmp, wcscat, wcsncat, ferror, ftell, fclose, _errno
- comctl32: ord17, ImageList_Create, ImageList_SetImageCount, ImageList_AddMasked, CreateToolbarEx, CreateStatusWindowW, ImageList_ReplaceIcon
- version: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
- ws2_32: inet_addr, htons, WSAAsyncSelect, setsockopt, recv, inet_ntoa, WSAIoctl, socket, closesocket, WSAStartup, WSACleanup, bind
- kernel32: GlobalFree, ReadProcessMemory, GetCurrentProcess, ExitProcess, EnumResourceTypesW, WaitForSingleObject, GetCurrentThreadId, CreateThread, GetModuleHandleA, GetStartupInfoW, OpenProcess, GetCurrentProcessId, SetErrorMode, GetStdHandle, EnumResourceNamesW, GetPrivateProfileIntW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetFileSize, GetVersionExW, GetTempFileNameW, FormatMessageW, GlobalLock, SizeofResource, CreateDirectoryW, GetLocaleInfoW, GetTempPathW, GlobalUnlock, LoadLibraryExW, GlobalAlloc, LoadResource, lstrcpyW, lstrlenW, WideCharToMultiByte, FreeLibrary, LoadLibraryW, GetProcAddress, GetModuleHandleW, GetTickCount, CreateFileMappingW, CreateFileW, CloseHandle, SetFilePointer, DeleteFileW, MapViewOfFile, GetLastError, UnmapViewOfFile, GetFileAttributesW, GetWindowsDirectoryW, ReadFile, GetModuleFileNameW, WriteFile, GetNumberFormatW, LockResource, LocalFree, MultiByteToWideChar, FindResourceW
- user32: SetForegroundWindow, PeekMessageW, DispatchMessageW, KillTimer, SetTimer, DrawTextExW, BeginDeferWindowPos, GetMessageW, PostQuitMessage, TrackPopupMenu, TranslateMessage, RegisterWindowMessageW, IsDialogMessageW, EndDeferWindowPos, CreateDialogParamW, DialogBoxParamW, DestroyMenu, GetDlgCtrlID, GetMenuItemInfoW, ModifyMenuW, LoadMenuW, GetWindowTextW, GetDesktopWindow, SetWindowPos, DestroyWindow, LoadStringW, EnumChildWindows, CloseClipboard, CheckMenuItem, GetMenuItemCount, GetMenuStringW, MoveWindow, OpenClipboard, ChildWindowFromPoint, GetSysColorBrush, ShowWindow, LoadCursorW, SetCursor, GetDlgItem, InvalidateRect, SetWindowTextW, SetDlgItemInt, UpdateWindow, SetDlgItemTextW, GetClientRect, GetDlgItemTextW, GetSystemMetrics, DeferWindowPos, CreateWindowExW, GetWindowRect, GetDlgItemInt, SendDlgItemMessageW, EndDialog, SetWindowLongW, GetWindowPlacement, LoadAcceleratorsW, PostMessageW, DefWindowProcW, SendMessageW, TranslateAcceleratorW, RegisterClassW, SetWindowPlacement, MessageBoxW, SetMenu, LoadImageW, LoadIconW, GetWindowLongW, SetFocus, GetCursorPos, GetParent, GetSysColor, SetClipboardData, EnableWindow, MapWindowPoints, GetMenu, GetSubMenu, GetDC, EmptyClipboard, EnableMenuItem, ReleaseDC, GetClassNameW
- gdi32: SetBkColor, GetTextExtentPoint32W, GetDeviceCaps, SelectObject, CreateFontIndirectW, SetBkMode, DeleteObject, SetTextColor, GetStockObject
- comdlg32: GetSaveFileNameW, FindTextW
- advapi32: RegQueryValueExW, RegCloseKey, RegEnumKeyExW, RegOpenKeyExW
- shell32: Shell_NotifyIconW, SHGetPathFromIDListW, SHGetMalloc, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW
Sections
- .text  Size: 73KB - Virtual size: 72KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 16KB - Virtual size: 15KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data  Size: 9KB - Virtual size: 74KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 23KB - Virtual size: 23KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ