db5088b2f8addb295646530580c86abe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

db5088b2f8addb295646530580c86abe_JaffaCakes118
Size

88KB
MD5

db5088b2f8addb295646530580c86abe
SHA1

9c86b33d4f6661a6b158929fa84bb8490465972b
SHA256

180bb3a0e1af1f22fdb59d1fd565e80777d761e1c08adab92e9010e789c2be69
SHA512

9d3f2166e4ecfad7722101880d9f2ef11ef9ae4f2a9760004ea7a8cb7a24b2983b8e0456ec3a442b2fc52a27dd0d3b4e0d0823f2f052f7fa1765da140a2a0c81
SSDEEP

1536:1mVAfjAMcpNG43X5JeJ9eRUxkkmGvkw9ba9bcNE9b6AB683u/aBiOg1rjL8:1mVAfjAMyNbJePoiArnUOg1rjL8

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db5088b2f8addb295646530580c86abe_JaffaCakes118

Files

db5088b2f8addb295646530580c86abe_JaffaCakes118
.exe windows:4 windows x64 arch:x64

c358672c86ed03e6efa6323a64260d5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\Projects\VS2005\HeapMemView\x64\Release\HeapMemView.pdb

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
__setusermatherr
__dllonexit
sprintf
_purecall
_mbslwr
malloc
strtoul
_mbsicmp
_commode
_fmode
__set_app_type
_onexit
memset
free
modf
memcmp
_mbscmp
_mbsrchr
_mbschr
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
strlen
_ultoa
_itoa
strcpy
_mbsnbcat
_snprintf
strcat

comctl32

ImageList_AddMasked
ImageList_Create
CreateToolbarEx
ord6
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon

kernel32

GetCurrentProcessId
ExitProcess
SetErrorMode
DeleteFileA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
EnumResourceNamesA
GetCurrentProcess
GetStartupInfoA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalUnlock
GetFileAttributesA
GetVersionExA
GetLastError
CloseHandle
FormatMessageA
GetWindowsDirectoryA
GetModuleFileNameA
GetTempPathA
LocalFree
WriteFile
ReadFile
GetTempFileNameA
GetModuleHandleA
LoadLibraryExA
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
OpenProcess
CreateToolhelp32Snapshot
ReadProcessMemory
Heap32ListNext
Heap32ListFirst

user32

EndPaint
FillRect
SetCapture
ReleaseCapture
LoadCursorA
ShowWindow
SetCursor
ChildWindowFromPoint
GetSysColorBrush
SetWindowTextA
SendDlgItemMessageA
SetDlgItemInt
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemTextA
SetWindowPos
DefWindowProcA
RegisterClassA
TranslateAcceleratorA
UpdateWindow
MessageBoxA
GetWindowRect
GetSystemMetrics
GetWindowPlacement
PostMessageA
SetMenu
SendMessageA
LoadAcceleratorsA
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
EnableMenuItem
ReleaseDC
GetDC
GetMenuItemCount
ScreenToClient
GetSubMenu
GetMenuStringA
GetClassNameA
CloseClipboard
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
CheckMenuRadioItem
GetClientRect
GetSysColor
MoveWindow
OpenClipboard
GetMenu
CheckMenuItem
EmptyClipboard
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
GetWindowTextA
CreateDialogParamA
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
GetParent
ModifyMenuA
LoadStringA
DestroyIcon
GetMessageA
EndDeferWindowPos
GetFocus
BeginDeferWindowPos
DeferWindowPos
TranslateMessage
DispatchMessageA
IsDialogMessageA
TrackPopupMenu
PostQuitMessage
DrawTextExA
RegisterWindowMessageA
BeginPaint

gdi32

GetTextExtentPoint32A
GetStockObject
SetBkColor
PatBlt
GetDeviceCaps
CreateSolidBrush
SelectObject
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectA

comdlg32

GetSaveFileNameA
FindTextA

advapi32

RegDeleteKeyA

shell32

SHGetMalloc
SHBrowseForFolderA
ExtractIconExA
ShellExecuteA
SHGetPathFromIDListA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c358672c86ed03e6efa6323a64260d5a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 13KB - Virtual size: 13KB