3f3b01d0721f11e6ffa95b7e636ba905_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f3b01d0721f11e6ffa95b7e636ba905_JaffaCakes118
Size

1.4MB
MD5

3f3b01d0721f11e6ffa95b7e636ba905
SHA1

94e53228a279839a0dcbe95b3a1386eb976ea8de
SHA256

c10cbed8606a3baa7f63e526db3e15eeaa2ee110638cb234730be5715e068a4f
SHA512

67380bb42ba0e7219d99b2750a5d0f9aaee85f1a2efa761aa26c9a14ee6873153c63ce0f1b779342482c142b7bfb9ed9ce5222b990ca3c6c26031b3f91fb56bc
SSDEEP

24576:ZIKt4AfkVjgtOnaGuLuARV5hPmiG0Y/LbXa7XZQDVnPBf:zRM8V5hPmiG0BqJt

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f3b01d0721f11e6ffa95b7e636ba905_JaffaCakes118

Files

3f3b01d0721f11e6ffa95b7e636ba905_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ