e26d759c3d3b96984d30cc0541ab72f8_JaffaCakes118

General

Target

e26d759c3d3b96984d30cc0541ab72f8_JaffaCakes118
Size

651KB
MD5

e26d759c3d3b96984d30cc0541ab72f8
SHA1

295b41fb6ac2595ea374aa11277d4f4ad44c6907
SHA256

2d2a38c6376c914f2b906f95cd8ba5a4f591ede537c9a93f0f288a0f2414559b
SHA512

a020f5f9321e8a44faff070d6675fd435edf2894ea51adf95d5a63a374e41b0ed1916e5437d1219e0d3665118235bd2d6816744d23859d7d0313bbec68ff151e
SSDEEP

12288:u9ezo2qgVfngher/14qI+imdk+kUgp/BmJ4e52AopF7tQiRHFqr:no3er/140i+knpJmJ4e52AeFJHFm

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e26d759c3d3b96984d30cc0541ab72f8_JaffaCakes118

Files

e26d759c3d3b96984d30cc0541ab72f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6621597ac70e541e714b4033aa0f23f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
realloc
free
strncpy
strlen
strcpy
strcat
sprintf

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
HeapFree
HeapAlloc
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
GetProcessHeap
FreeLibrary
InitializeCriticalSection
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CloseHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
Sleep
WideCharToMultiByte
HeapSize
DeleteFileA
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileSize
HeapReAlloc

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA

Sections

.code
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6621597ac70e541e714b4033aa0f23f6

Headers

File Characteristics

Imports

msvcrt

kernel32

shell32

Sections

.code Size: 10KB - Virtual size: 9KB

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 512B - Virtual size: 33B

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.idata2 Size: 620KB - Virtual size: 619KB

.code
Size: 10KB - Virtual size: 9KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 512B - Virtual size: 33B

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.idata2
Size: 620KB - Virtual size: 619KB