JaffaCakes118_12d16205504a26ca42877320e0dd4adc6c44e0c9314fc9bc07b0ca900f08db58

General

Target

JaffaCakes118_12d16205504a26ca42877320e0dd4adc6c44e0c9314fc9bc07b0ca900f08db58
Size

1.3MB
MD5

1ac021ba2ff60099fa8788d6be7e8c02
SHA1

1f367024abab3a17f1366f37aad956ac5290dce0
SHA256

12d16205504a26ca42877320e0dd4adc6c44e0c9314fc9bc07b0ca900f08db58
SHA512

a08e27d124672cc55066961aa80c37ae09480ff4f234b50a23cb81529de67c9aba01eb06317f4d0bc99810591a3e17cacfe2a1ae5bedf043607a6af0ef536297
SSDEEP

24576:0UHwjE1JleNsKYn01OfrcZBiYJSD0qGs94wZjLALrD2:fQY1msKYnWZBiYAD0yWyjLAK

Score

9^/10

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/PhpDataObject._fdp.bin	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
static1/unpack001/PhpDataObject._fdp.bin	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
static1/unpack001/PhpDataObject._fdp.bin	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PhpDataObject._fdp.bin

JaffaCakes118_12d16205504a26ca42877320e0dd4adc6c44e0c9314fc9bc07b0ca900f08db58
.zip

Password: infected
PhpDataObject._fdp.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ