Static task: static1
Behavioral task: behavioral1
  Sample: dialupass.chm
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: dialupass.chm
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: dialupass2.exe
  Resource: win7-20241010-en
Behavioral task: behavioral4
  Sample: dialupass2.exe
  Resource: win10v2004-20241007-en
General
Target: 3f7e80e3637a5a06b47bd98a76f159ed_JaffaCakes118
Size: 44KB
MD5: 3f7e80e3637a5a06b47bd98a76f159ed
SHA1: 5b7a8eee8ddefd0b9a161170bafa7112d51b0c21
SHA256: d7ed1083aca2e23b59710ecd108706e4d850d9b0d3dd8a6a6cf1d5c5b0265868
SHA512: f0c7977cb7ac5edb7fa5c3c94ddaba67903496d494b9154a5ad9311b8df7672abc2acec6af5c15460791f0c4c375229f69e00220d4d2ee861a033fa6467efe9f
SSDEEP: 768:ZC7ImD1B+u/XKT1zqAxIvIF+PRjjyB/up3mERWuFor6KBGibuXZ4E7QCdb1ck3zs:ZC7jD1BgpqAxIw+RrJmpiKxyx7Fdb1Jj
Malware Config
Signatures
Detected Nirsoft tools (1 IoC)
Free utilities, often used by attackers, that can steal passwords, product keys, etc.
  resource: static1/unpack001/dialupass2.exe, yara_rule: Nirsoft
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
  resource: unpack001/dialupass2.exe
Files
3f7e80e3637a5a06b47bd98a76f159ed_JaffaCakes118.zip
  dialupass.chm.chm
  dialupass2.exe.exe (windows:4 windows x86 arch:x86)
  3008274b77d4e467e0a7d4cd2689589e
Headers
File Characteristics:
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
MultiByteToWideChar
GetPrivateProfileIntA
DeleteFileA
GetVersionExA
WideCharToMultiByte
GetSystemDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrlenA
SetLastError
GetFileSize
GetWindowsDirectoryA
GetModuleFileNameA
ReadFile
GlobalUnlock
GetLastError
WriteFile
LoadLibraryExA
FormatMessageA
LocalFree
SetFilePointer
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
GetTempPathA
GetTempFileNameA
GetCommandLineA
GlobalAlloc
GlobalLock
ExitProcess
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
GetACP
FreeLibrary
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetVersion
GetStartupInfoA
GetModuleHandleA
RtlUnwind
HeapFree
HeapAlloc
SetStdHandle
FlushFileBuffers
user32:
ReleaseDC
GetDC
OpenClipboard
GetCursorPos
MoveWindow
GetWindowRect
CloseClipboard
GetWindowLongA
SendDlgItemMessageA
GetSubMenu
EnableMenuItem
MessageBoxA
DialogBoxParamA
SetClipboardData
EmptyClipboard
EnableWindow
ChildWindowFromPoint
GetDlgItem
LoadCursorA
SetCursor
GetSysColorBrush
EndDialog
SetDlgItemTextA
SendMessageA
GetMenu
GetDlgItemTextA
wsprintfA
GetSystemMetrics
SetWindowPos
GetWindowPlacement
GetMessageA
TranslateMessage
DispatchMessageA
LoadAcceleratorsA
ShowWindow
UpdateWindow
TranslateAcceleratorA
RegisterClassA
PostQuitMessage
PostMessageA
DestroyWindow
SetWindowLongA
LoadMenuA
SetMenu
CreateWindowExA
LoadImageA
LoadIconA
GetClientRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetWindowTextA
SetFocus
wsprintfW
DefWindowProcA
TrackPopupMenu
gdi32:
CreateFontIndirectA
SetBkMode
SetTextColor
GetDeviceCaps
DeleteObject
comdlg32:
GetSaveFileNameA
advapi32:
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
shell32:
ShellExecuteA
DoEnvironmentSubstA
comctl32:
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon
ImageList_Create
CreateToolbarEx
ord6
ImageList_Destroy
rasapi32:
RasSetEntryDialParamsA
RasGetEntryDialParamsA
RasEnumEntriesA
Sections
.text Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ