Static task: static1
Behavioral task: behavioral1
  Sample: d4292602e6d519e75ca60db02cbe0a43_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: d4292602e6d519e75ca60db02cbe0a43_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: d4292602e6d519e75ca60db02cbe0a43_JaffaCakes118
  Size: 75KB
  MD5: d4292602e6d519e75ca60db02cbe0a43
  SHA1: 8cf54e9e5e3c7b904c8c796a9e2de38b988e747a
  SHA256: fc1bc82ad3fb64775ce9abd481f58efd58c7b0a8e017efe6b52067c578919a51
  SHA512: c4801bb034a8a8794546c73cbfebce220a2486675abd3e825f36665deaf28e4213aa1932778e27492949e1c68e4b61f6f9d4efcaaa58e7d62c3c728f277e7922
  SSDEEP: 1536:WD0hliol225DL0js2IwsgaHaIzlcAjNWOLlKAYfj:a+fH2ILgUzpflfc
Malware Config
Signatures
  Detected Nirsoft tools (1 IoC)
    Free utilities often used by attackers which can steal passwords, product keys, etc.
    resource: sample; yara_rule: Nirsoft
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: d4292602e6d519e75ca60db02cbe0a43_JaffaCakes118
Files
  d4292602e6d519e75ca60db02cbe0a43_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  3008274b77d4e467e0a7d4cd2689589e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
GetPrivateProfileIntA
DeleteFileA
GetVersionExA
WideCharToMultiByte
GetSystemDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrlenA
SetLastError
GetFileSize
GetWindowsDirectoryA
GetModuleFileNameA
ReadFile
GlobalUnlock
GetLastError
WriteFile
LoadLibraryExA
FormatMessageA
LocalFree
SetFilePointer
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
GetTempPathA
GetTempFileNameA
GetCommandLineA
GlobalAlloc
GlobalLock
ExitProcess
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
GetACP
FreeLibrary
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetVersion
GetStartupInfoA
GetModuleHandleA
RtlUnwind
HeapFree
HeapAlloc
SetStdHandle
FlushFileBuffers
user32
ReleaseDC
GetDC
OpenClipboard
GetCursorPos
MoveWindow
GetWindowRect
CloseClipboard
GetWindowLongA
SendDlgItemMessageA
GetSubMenu
EnableMenuItem
MessageBoxA
DialogBoxParamA
SetClipboardData
EmptyClipboard
EnableWindow
ChildWindowFromPoint
GetDlgItem
LoadCursorA
SetCursor
GetSysColorBrush
EndDialog
SetDlgItemTextA
SendMessageA
GetMenu
GetDlgItemTextA
wsprintfA
GetSystemMetrics
SetWindowPos
GetWindowPlacement
GetMessageA
TranslateMessage
DispatchMessageA
LoadAcceleratorsA
ShowWindow
UpdateWindow
TranslateAcceleratorA
RegisterClassA
PostQuitMessage
PostMessageA
DestroyWindow
SetWindowLongA
LoadMenuA
SetMenu
CreateWindowExA
LoadImageA
LoadIconA
GetClientRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetWindowTextA
SetFocus
wsprintfW
DefWindowProcA
TrackPopupMenu
gdi32
CreateFontIndirectA
SetBkMode
SetTextColor
GetDeviceCaps
DeleteObject
comdlg32
GetSaveFileNameA
advapi32
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
shell32
ShellExecuteA
DoEnvironmentSubstA
comctl32
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon
ImageList_Create
CreateToolbarEx
ord6
ImageList_Destroy
rasapi32
RasSetEntryDialParamsA
RasGetEntryDialParamsA
RasEnumEntriesA
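The import table above is the most informative static artefact in this report. RasEnumEntriesA lists the RAS phone-book entries and RasGetEntryDialParamsA returns each entry's saved dial parameters, including the user name and, where one was stored, the password; next to SetClipboardData and GetSaveFileNameA (export to clipboard or to a file chosen by the user) and RegOpenKeyExA/RegEnumKeyExA (registry walking), that is the API shape of a credential recovery utility, which is consistent with the Nirsoft YARA hit. The script below is an added example of turning such an import list into capability tags the way a triage pass would; it is not the sandbox's Nirsoft rule and not NirSoft code. The API-to-capability mapping and the "credential source plus export sink" heuristic are assumptions of this example, and SAMPLE_IMPORTS is a subset of the report's table, reduced to the DLLs that matter for tagging.

```python
# Added example: capability tagging over a PE import table. The mapping and the
# profile heuristic are illustrative assumptions, not a rule from the sandbox.
from collections import defaultdict

# (dll, api) -> capability tag. Plain CRT/GUI plumbing (HeapAlloc, GetDC, ...)
# carries no analytic weight and is deliberately left unmapped.
CAPABILITY_MAP = {
    ("rasapi32", "RasEnumEntriesA"): "dialup-credential-access",
    ("rasapi32", "RasGetEntryDialParamsA"): "dialup-credential-access",
    ("rasapi32", "RasSetEntryDialParamsA"): "dialup-credential-modify",
    ("advapi32", "RegOpenKeyExA"): "registry-read",
    ("advapi32", "RegQueryValueExA"): "registry-read",
    ("advapi32", "RegEnumKeyExA"): "registry-enumerate",
    ("advapi32", "RegDeleteKeyA"): "registry-delete",
    ("advapi32", "GetUserNameA"): "host-recon",
    ("kernel32", "GetVersionExA"): "host-recon",
    ("user32", "SetClipboardData"): "data-export-clipboard",
    ("comdlg32", "GetSaveFileNameA"): "data-export-file",
    ("kernel32", "WritePrivateProfileStringA"): "ini-write",
    ("kernel32", "GetPrivateProfileStringA"): "ini-read",
    ("kernel32", "DeleteFileA"): "file-delete",
    ("kernel32", "GetTempFileNameA"): "temp-file",
    ("kernel32", "LoadLibraryA"): "dynamic-import",
    ("kernel32", "GetProcAddress"): "dynamic-import",
    ("shell32", "ShellExecuteA"): "process-launch",
}

# Subset of the import table shown in the report above (constructed input;
# kernel32 and user32 are much longer there).
SAMPLE_IMPORTS = {
    "kernel32": ["DeleteFileA", "GetVersionExA", "WritePrivateProfileStringA",
                 "GetPrivateProfileStringA", "LoadLibraryA", "GetProcAddress",
                 "GetTempFileNameA", "HeapAlloc"],
    "user32": ["SetClipboardData", "EmptyClipboard", "DialogBoxParamA"],
    "comdlg32": ["GetSaveFileNameA"],
    "advapi32": ["GetUserNameA", "RegOpenKeyExA", "RegQueryValueExA",
                 "RegEnumKeyExA", "RegDeleteKeyA"],
    "shell32": ["ShellExecuteA", "DoEnvironmentSubstA"],
    "rasapi32": ["RasSetEntryDialParamsA", "RasGetEntryDialParamsA", "RasEnumEntriesA"],
}


def tag_imports(imports):
    """Return {capability: ["dll!api", ...]} for every import that has a mapping."""
    tags = defaultdict(list)
    for dll, apis in imports.items():
        for api in apis:
            cap = CAPABILITY_MAP.get((dll.lower(), api))
            if cap:
                tags[cap].append(f"{dll}!{api}")
    return dict(tags)


def credential_tool_profile(tags):
    """Assumed heuristic: a credential source plus an export sink is the shape of a
    recovery/stealer utility. A shape match is a lead, not a verdict."""
    sources = {"dialup-credential-access", "registry-read"}
    sinks = {"data-export-clipboard", "data-export-file"}
    return any(t in tags for t in sources) and any(t in tags for t in sinks)


if __name__ == "__main__":
    tags = tag_imports(SAMPLE_IMPORTS)
    for cap in sorted(tags):
        print(f"{cap:28} {', '.join(tags[cap])}")
    print("credential-recovery shape:", credential_tool_profile(tags))
```

Tagging tells you what the binary is able to do, not what it did; the behavioral tasks (win7 and win10 runs) are where the RAS and clipboard calls would actually be observed, and an unsigned, GUI-driven tool like this may do nothing in a sandbox that never clicks its export button.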
Sections
.text Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
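The Headers, Unsigned PE and Sections entries above all come from a few header fields: the five IMAGE_FILE_* flags are the Characteristics word 0x010F, each IMAGE_SCN_* list is a section's Characteristics dword, and "Unsigned PE" fires when the certificate table slot (data directory entry 4) in the optional header is empty. The reader below is an added example, not the sandbox's code, that reproduces those three checks on a minimal PE32 image constructed in memory to mirror the report's header values; that image is not the real sample and contains no code. Only PE32 (magic 0x10b) is handled, which matches this x86 file.

```python
# Added example: minimal PE32 header reader reproducing the report's flag
# decoding and Authenticode-presence check. build_sample_pe() constructs a
# header-only image with the report's values; it is not the analysed file.
import struct

IMAGE_FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table slot in the data directory
# Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptionalHeader, Characteristics
COFF_HEADER = "<HHIIIHH"
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PtrToRawData, PtrToRelocs, PtrToLinenums, NumRelocs, NumLinenums, Characteristics
SECTION_HEADER = "<8sIIIIIIHHI"


def decode_flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from(COFF_HEADER, data, coff)
    opt = coff + struct.calcsize(COFF_HEADER)
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled in this example")
    # Unlike every other directory, the certificate table holds a raw file offset, not an RVA.
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_offset = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_offset, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(SECTION_HEADER, data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "flags": decode_flags(flags, IMAGE_SCN_FLAGS),
        })
    return {
        "machine": machine,
        "characteristics": decode_flags(characteristics, IMAGE_FILE_FLAGS),
        "sections": sections,
        # Presence only: a populated table still has to be verified before it means anything.
        "authenticode_present": cert_size != 0 and cert_offset != 0,
    }


def build_sample_pe(signed=False):
    """Constructed PE32 header (0x010F characteristics, the report's four sections); no code, not the real file."""
    characteristics = 0x010F  # the five IMAGE_FILE_* flags listed in the report
    secs = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, Characteristics
        (b".text", 45 * 1024, 0x1000, 46 * 1024, 0x60000020),
        (b".rdata", 5 * 1024, 0xD000, 5 * 1024, 0x40000040),
        (b".data", 23 * 1024, 0xF000, 14 * 1024, 0xC0000040),
        (b".rsrc", 8 * 1024, 0x15000, 9 * 1024, 0x40000040),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew: PE header follows the stub directly
    coff = struct.pack(COFF_HEADER, 0x14C, len(secs), 0, 0, 0, 224, characteristics)
    opt = bytearray(224)  # PE32 optional header including all 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    if signed:  # pretend a WIN_CERTIFICATE blob sits at file offset 0x12000 (assumed value)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x12000, 0x1000)
    table = b"".join(struct.pack(SECTION_HEADER, n, vs, va, rs, 0, 0, 0, 0, 0, fl) for n, vs, va, rs, fl in secs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("characteristics:", ", ".join(info["characteristics"]))
    for s in info["sections"]:
        print(f'{s["name"]:8} raw={s["raw_size"] // 1024}KB virt={s["virtual_size"] // 1024}KB {" ".join(s["flags"])}')
    print("Authenticode present:", info["authenticode_present"])
```

Two caveats a reviewer of the report should keep in mind. The "Unsigned PE" check is presence-only: an empty certificate table is weak evidence by itself, since plenty of legitimate utilities ship unsigned, and a non-empty one proves nothing until the PKCS#7 blob and its chain are verified (for example with signtool verify /pa /v or PowerShell's Get-AuthenticodeSignature). Second, .data having a 23KB virtual size against 14KB on disk means about 9KB of zero-initialised globals are folded into .data rather than living in a separate .bss, which is normal for an old MSVC link and not a packing indicator on its own.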