310cb24715fe8fa78d0a3a1016615f55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

310cb24715fe8fa78d0a3a1016615f55_JaffaCakes118
Size

49KB
MD5

310cb24715fe8fa78d0a3a1016615f55
SHA1

3e97fb202f7be3935b59d0390d56753a3a5119f5
SHA256

ea841b1aa87f5ac9e3cecc4e36e4558f8fcc271bc84f5a058ab4691aa2d10ed1
SHA512

4e5fc66a2dc3d4c84e0db7e0b33aa69ddc59cefbff76bf12c18360bb5303056c4e9f9d4484194d29cc26c14ee690b575fd54a543c28a4d4d53bd08be94cb348a
SSDEEP

1536:45SZ04VEhnvV6DdcLg+8HDRlmbO9d07Jl2pO2VM4:qS5EhnvVWEg5/9d0Jl2E2VM4

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/Dialupass.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dialupass.exe

Files

310cb24715fe8fa78d0a3a1016615f55_JaffaCakes118
.zip
Dialupass.chm
.chm
Dialupass.exe
.exe windows:4 windows x86 arch:x86

4e69ae93cb7605f9ffc0d08ac7061c12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\Projects\VS2005\Dialupass\Release\Dialupass.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_wcslwr
qsort
_purecall
_itow
malloc
free
modf
memcmp
wcstoul
__set_app_type
_controlfp
_except_handler3
_c_exit
_memicmp
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
wcschr
_wcsnicmp
_wtoi
memcpy
strlen
abs
_wcsicmp
wcslen
wcscmp
log
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
ImageList_ReplaceIcon
ord17
ImageList_Create
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rasapi32

RasGetEntryDialParamsW
RasSetEntryDialParamsW

kernel32

ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
DeleteFileW
SetErrorMode
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetVersionExW
GlobalLock
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
WriteFile
FindClose
FormatMessageW
SizeofResource
FindNextFileW
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
CloseHandle
MultiByteToWideChar
GetFileSize
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
LocalFree
FindFirstFileW
LockResource
ReadFile
lstrcpyW
GetModuleFileNameW
CreateFileW
lstrlenW
GlobalAlloc
GlobalUnlock
FindResourceW
GetTempPathW
LoadResource
LoadLibraryExW
GetLastError

user32

PostQuitMessage
GetMessageW
TrackPopupMenu
RegisterWindowMessageW
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
SetWindowPos
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadStringW
EndDialog
EndPaint
GetDlgItem
InvalidateRect
GetWindow
SetDlgItemInt
DrawFrameControl
BeginPaint
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
MoveWindow
GetMenuItemCount
CheckMenuItem
GetCursorPos
GetSysColor
GetSubMenu
GetMenu
SetClipboardData
EnableWindow
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
CloseClipboard
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
GetParent
DestroyMenu
DialogBoxParamW
CreateDialogParamW
DestroyWindow
EnumChildWindows
SendDlgItemMessageW

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

4e69ae93cb7605f9ffc0d08ac7061c12

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

rasapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 12KB - Virtual size: 11KB