f0354d733bc57021594dba4c16194320_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0354d733bc57021594dba4c16194320_JaffaCakes118
Size

79KB
MD5

f0354d733bc57021594dba4c16194320
SHA1

454a61954cbb32e60098c939fca101f54ceef723
SHA256

a295b2ba638cbc488c0bc9faec2bac82b720a525ccee5a9becdca312480ea4c4
SHA512

070af8033fa3ac17e18ed890d980c7da9b420a1a87abac44324fccc7ea04573bdab65757feb545d2804a85dc703d5a6c41b69db20488ccc4dc8f08eced62f322
SSDEEP

1536:Mg8etowok1vIygHWfmE6EunJKdan9LxoN+JN+hk8PPOBxa5xSbwxm7Wvo:V8etoFkDHmE6EoJK+9LxeOBxa5Ykxm7x

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0354d733bc57021594dba4c16194320_JaffaCakes118

Files

f0354d733bc57021594dba4c16194320_JaffaCakes118
.exe windows:4 windows x64 arch:x64

59a3b4f2772b60f0e73288613e82ce26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\Projects\VS2005\DriverView\x64\Release\DriverView.pdb

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__setusermatherr
_mbsicmp
_purecall
qsort
_strlwr
strcmp
malloc
strtoul
memset
_snprintf
_commode
_fmode
__set_app_type
__dllonexit
free
atoi
modf
_strcmpi
memcmp
_memicmp
strrchr
strchr
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
strlen
memcpy
_itoa
_stricmp
strcpy
strcat
strncat
sprintf

comctl32

ImageList_AddMasked
ImageList_Create
CreateToolbarEx
ord6
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
DeleteFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
EnumResourceNamesA
ExitProcess
OpenProcess
GetStartupInfoA
FileTimeToLocalFileTime
lstrlenA
GlobalUnlock
GetFileTime
CompareFileTime
GetFileAttributesA
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
FreeLibrary
GetVersionExA
GetLastError
CloseHandle
FormatMessageA
GetWindowsDirectoryA
GetTempPathA
GetModuleFileNameA
LocalFree
GetDateFormatA
WriteFile
ReadFile
GetSystemDirectoryA
lstrcpyA
GetTempFileNameA
GetModuleHandleA
LoadLibraryExA
CreateFileA
GetFileSize
GlobalLock
GlobalAlloc
GetTimeFormatA

user32

TranslateMessage
DeferWindowPos
IsDialogMessageA
SetTimer
BeginDeferWindowPos
PostQuitMessage
TrackPopupMenu
KillTimer
EndDeferWindowPos
GetFocus
RegisterWindowMessageA
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
SetDlgItemTextA
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
RegisterClassA
UpdateWindow
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
SetFocus
InvalidateRect
GetSubMenu
GetMenuStringA
GetClassNameA
SetClipboardData
CloseClipboard
EnableWindow
GetCursorPos
MapWindowPoints
GetClientRect
GetSysColor
MoveWindow
OpenClipboard
GetMenu
CheckMenuItem
EmptyClipboard
EnableMenuItem
GetDC
ReleaseDC
GetMenuItemCount
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
EnumChildWindows
DestroyWindow
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
GetParent
ModifyMenuA
LoadStringA
DialogBoxParamA
DispatchMessageA
GetMessageA

gdi32

GetTextExtentPoint32A
SetBkColor
GetStockObject
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA

advapi32

RegDeleteKeyA

shell32

ShellExecuteExA
ShellExecuteA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59a3b4f2772b60f0e73288613e82ce26

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB