db19075b6a18a679cc10f4a6a8be7b3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db19075b6a18a679cc10f4a6a8be7b3d_JaffaCakes118
Size

96KB
MD5

db19075b6a18a679cc10f4a6a8be7b3d
SHA1

3da06ff6009b3d68a8a5f5f40c3a5a01777ae356
SHA256

ed911e9f4a61d62b2f97922a8bc277890f4b1ff95ec1394dc6a1fdab7dcae2af
SHA512

6d7c7842cee99949d176f5846d33e64e7c5ca7de9e4670c48dab49ef5ed810c0e10ae9c80dcd535168989d39e8e53271e03edebcb2f4d53ca5b6042fa4694041
SSDEEP

1536:KHMWvbUW1YC9Xn+jOs9aUjsxhe2k11emO1bK2Rgmc/79X0dZbn9w2K0f:uMWvbH1Yy+C49jYJcerbG7/g9w2K0f

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db19075b6a18a679cc10f4a6a8be7b3d_JaffaCakes118

Files

db19075b6a18a679cc10f4a6a8be7b3d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0b809905358c0eaa9b7750661bba40ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\mailpv\Release\mailpv.pdb

Imports

msvcrt

_strnicmp
wcsncmp
wcschr
wcslen
_itoa
_strlwr
qsort
strncmp
_mbsnbicmp
_snprintf
_mbsrchr
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
modf
memcmp
strtoul
strcmp
malloc
_memicmp
strrchr
_stricmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
atoi
log
_strcmpi
wcsstr
strcat
free
exit
_adjust_fdiv
_mbscmp
strchr
_purecall
abs
_ultoa
_mbsicmp
strcpy
memset
strlen
strncat
sprintf
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
__setusermatherr

comctl32

ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
CreateToolbarEx

rpcrt4

UuidFromStringA

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetStdHandle
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetComputerNameA
GetTempPathA
CloseHandle
GetVersionExA
ReadFile
GetWindowsDirectoryA
FindResourceA
LoadResource
EnumResourceTypesA
SizeofResource
LockResource
DeleteFileA
OpenProcess
GetStartupInfoA
FormatMessageA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsA
LocalFree
WriteFile
GetPrivateProfileSectionA
LoadLibraryA
FreeLibrary
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
GetFileSize
GetModuleFileNameA
FindNextFileA
FindFirstFileA
LoadLibraryExA
SetFilePointer
GetLastError
GetFileAttributesA
GetTempFileNameA
FindClose

user32

SetClipboardData
GetFocus
DispatchMessageA
DrawTextExA
IsDialogMessageA
GetMessageA
TranslateMessage
RegisterWindowMessageA
PostQuitMessage
TrackPopupMenu
PostMessageA
DestroyMenu
GetDlgCtrlID
DialogBoxParamA
DestroyWindow
ModifyMenuA
CreateDialogParamA
SetCursor
ChildWindowFromPoint
LoadCursorA
GetSysColorBrush
ShowWindow
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetClientRect
GetWindow
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SendDlgItemMessageA
SetWindowTextA
GetWindowRect
GetSystemMetrics
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetWindowPlacement
RegisterClassA
UpdateWindow
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
SendMessageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
OpenClipboard
GetDC
EmptyClipboard
GetSubMenu
MoveWindow
EnableMenuItem
ReleaseDC
CheckMenuItem
LoadStringA
GetMenuItemCount
GetMenuStringA
EnableWindow
MapWindowPoints
GetCursorPos
LoadImageA
GetSysColor
GetClassNameA
CloseClipboard
GetMenu
EnumChildWindows
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
GetParent

gdi32

SelectObject
DeleteObject
SetTextColor
CreateFontIndirectA
SetBkMode
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b809905358c0eaa9b7750661bba40ef

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 11KB