ec0262184c5a17d0b0d504a10e6cd451_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ec0262184c5a17d0b0d504a10e6cd451_JaffaCakes118
Size

314KB
MD5

ec0262184c5a17d0b0d504a10e6cd451
SHA1

6be9be053c9dd7f7aac0963d423a67695d8d7aed
SHA256

38f8abf29e512cf8091a98554384d99e8e82354018c3e7c46aa67eb5fc4bd4ca
SHA512

6add6b9726c96406c0ef2b5e290aedf246b7f097a01f9789c22a6af220bc7eb24277810f3e5081887d20d5b79ca4c3b293e02724c754aba9a076c42ae5d66462
SSDEEP

6144:gncyO25e0bEZ5qfn86SIh/LvPTnNfyAt+kihx:gkMeRG2Ih/7hfAkk

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec0262184c5a17d0b0d504a10e6cd451_JaffaCakes118

Files

ec0262184c5a17d0b0d504a10e6cd451_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b5af1194d684342a827d7e9bfdb476e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb

Imports

msvcrt

__wgetmainargs
_initterm
wcsncat
__setusermatherr
_adjust_fdiv
memchr
strftime
realloc
_gmtime64
_purecall
qsort
_itow
_wcsupr
_wcmdln
strchr
_strlwr
wcsncmp
wcschr
free
wcscmp
modf
_c_exit
_memicmp
_exit
exit
_cexit
_XcptFilter
_wcslwr
wcstoul
_wcsicmp
malloc
strcpy
strcmp
wcsrchr
_wcsnicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
wcslen
memcpy
wcscpy
memset
strlen
_snwprintf
wcscat
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
_wtoi
__p__fmode
__p__commode

comctl32

ord17
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

AreFileApisANSI
GetFullPathNameW
EnterCriticalSection
LockFileEx
FormatMessageA
GetTempPathA
GetSystemTimeAsFileTime
UnlockFileEx
GetTickCount
LockFile
FlushFileBuffers
GetDiskFreeSpaceW
DeleteFileA
GetFullPathNameA
InitializeCriticalSection
GetModuleHandleA
GetStartupInfoW
GetSystemTime
UnlockFile
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFree
WideCharToMultiByte
WriteFile
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
GetFileSize
CloseHandle
CompareFileTime
GetCurrentDirectoryW
ExpandEnvironmentStringsW
MultiByteToWideChar
FormatMessageW
FindClose
GetVersionExW
GetTempFileNameW
GetWindowsDirectoryW
GetFileAttributesW
FindFirstFileW
GetModuleHandleW
SetFilePointer
ReadFile
GetModuleFileNameW
CreateFileW
LockResource
lstrcpyW
lstrlenW
FindResourceW
GlobalAlloc
LoadResource
GlobalUnlock
GetTempPathW
LoadLibraryExW
FindNextFileW
SizeofResource
GetFileTime
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
DeleteFileW
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
ExitProcess
SetCurrentDirectoryW
OpenProcess
EnumResourceTypesW
CreateFileA
CreateFileMappingW
GetDiskFreeSpaceA
Sleep
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
SetEndOfFile
LeaveCriticalSection

user32

CreateDialogParamW
GetMessageW
PostQuitMessage
DispatchMessageW
EndDeferWindowPos
TrackPopupMenu
RegisterWindowMessageW
SetCursor
GetSysColorBrush
LoadCursorW
ChildWindowFromPoint
ShowWindow
SetDlgItemInt
SetWindowTextW
UpdateWindow
GetClientRect
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
InvalidateRect
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
SetMenu
GetWindowPlacement
LoadIconW
LoadImageW
GetWindowLongW
SetFocus
GetMenuStringW
MoveWindow
GetMenuItemCount
CloseClipboard
CheckMenuItem
GetParent
GetCursorPos
GetSysColor
SetClipboardData
EnableWindow
GetMenu
MapWindowPoints
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
BeginDeferWindowPos
OpenClipboard
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
DestroyWindow
EnumChildWindows
LoadStringW
SetWindowPos
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DrawTextExW
IsDialogMessageW
TranslateMessage

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject

comdlg32

GetOpenFileNameW
FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Sections

.TEXT
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RDATA
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DATA
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RSRC
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5af1194d684342a827d7e9bfdb476e9

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.TEXT Size: 246KB - Virtual size: 245KB

.RDATA Size: 43KB - Virtual size: 42KB

.DATA Size: 5KB - Virtual size: 11KB

.RSRC Size: 19KB - Virtual size: 19KB

.TEXT
Size: 246KB - Virtual size: 245KB

.RDATA
Size: 43KB - Virtual size: 42KB

.DATA
Size: 5KB - Virtual size: 11KB

.RSRC
Size: 19KB - Virtual size: 19KB