def911223b0cee1f36a21e488086c0ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

def911223b0cee1f36a21e488086c0ee_JaffaCakes118
Size

162KB
MD5

def911223b0cee1f36a21e488086c0ee
SHA1

97893d174907b659736337bb53f32c13997ef93d
SHA256

756cc849eee2c87a9136193d05cb5397547ee51f7fcd4a805c3dc8c414474606
SHA512

c89799b5d17edfb062c85781369933b938dfbc5d076a4c89b0be2acb1010f2b00b94152fa39e9714e3a8620655e0210bf5ff7cdd2dc973def66df746cf3423b0
SSDEEP

3072:K7JpOKSiM+OMqL8O1MRSRKiCmFjnl7ObJbHWWi/kWaTkCfQMBEfS:KjOKiFzGERKtmRnl782vOICfQU

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
def911223b0cee1f36a21e488086c0ee_JaffaCakes118

Files

def911223b0cee1f36a21e488086c0ee_JaffaCakes118
.exe windows:4 windows x64 arch:x64

a647cafc5a7925d08120b07697170edb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\Projects\VS2005\WebSiteSniffer\x64\Release\WebSiteSniffer.pdb

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
qsort
__setusermatherr
_wcslwr
wcstoul
wcscmp
_ultow
strlen
_memicmp
malloc
sprintf
free
modf
_commode
_fmode
__set_app_type
_purecall
wcschr
wcsrchr
strtoul
_itow
_wcsnicmp
_wtoi
memcmp
strcpy
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_wcsicmp
wcscpy
memset
_stricmp
strcmp
wcscat
wcsncat
_snwprintf
fclose
ftell
_errno
fopen
fread
fprintf
ferror

comctl32

ImageList_AddMasked
CreateToolbarEx
ImageList_ReplaceIcon
ord17
ImageList_Create
ImageList_SetImageCount
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

closesocket
htons
WSAAsyncSelect
socket
setsockopt
WSAStartup
WSACleanup
bind
recv
WSAIoctl
inet_addr
inet_ntoa

kernel32

GetVersionExW
GetStartupInfoW
WaitForSingleObject
CreateThread
GetCurrentThreadId
EnumResourceTypesW
FormatMessageW
GetFileAttributesW
WriteFile
OpenProcess
GlobalFree
ExitProcess
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
SetErrorMode
GetStdHandle
GetPrivateProfileIntW
WritePrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileStringW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
CloseHandle
GetLastError
DeleteFileW
GetTickCount
CreateFileMappingW
SetFilePointer
CreateFileW
MapViewOfFile
UnmapViewOfFile
FindResourceW
GetModuleFileNameW
LoadResource
LoadLibraryExW
GlobalAlloc
GetWindowsDirectoryW
MultiByteToWideChar
lstrlenW
GetNumberFormatW
LocalFree
LockResource
GlobalUnlock
lstrcpyW
GetTempFileNameW
CreateDirectoryW
GetLocaleInfoW
GetTempPathW
GlobalLock
GetFileSize
SizeofResource
ReadFile

user32

GetCursorPos
SetForegroundWindow
PeekMessageW
DispatchMessageW
SetTimer
GetMessageW
DrawTextExW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
BeginDeferWindowPos
TranslateMessage
IsDialogMessageW
EndDeferWindowPos
KillTimer
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
GetWindowTextW
GetSysColorBrush
ShowWindow
DestroyWindow
SetCursor
ChildWindowFromPoint
SetDlgItemTextW
GetDlgItemTextW
SetWindowLongPtrW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
SetWindowTextW
UpdateWindow
SetDlgItemInt
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPlacement
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
SetFocus
CloseClipboard
GetMenu
GetParent
EmptyClipboard
MoveWindow
EnableMenuItem
GetDC
ReleaseDC
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
LoadCursorW
SetClipboardData
GetMenuStringW
EnableWindow
GetSysColor
MapWindowPoints
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
SetWindowPos
GetDesktopWindow

gdi32

SetTextColor
CreateFontIndirectW
SetBkColor
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
SelectObject
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFileInfoW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
Shell_NotifyIconW

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a647cafc5a7925d08120b07697170edb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 10KB - Virtual size: 76KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 10KB - Virtual size: 76KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 23KB - Virtual size: 23KB