Static task
static1
Behavioral task
behavioral1
Sample
f9cf207552f932459c88e8c05f3b5140_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f9cf207552f932459c88e8c05f3b5140_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f9cf207552f932459c88e8c05f3b5140_JaffaCakes118
-
Size
822KB
-
MD5
f9cf207552f932459c88e8c05f3b5140
-
SHA1
1f422891a6257e47cf80036ccd67f5673427027d
-
SHA256
5ccf885d36efe7b67a3559b0efa93dfa87ef3c03621616d9c447f5bfb8a09161
-
SHA512
59fd7bc5d2243555e020c0fa129a8e2a6205721a820ae87c305873d1ebce1799f0076a380ae6b3dbc756a10e62d65c1794638116f1fa7eb4763f767fdaf804ee
-
SSDEEP
12288:D8kxBMYVZ+AEuLZQZfiUBdzGAlpTxZEkBvgYCq+FMJXBjDiYsRVOFwv7UchwJB:bxaYVZ+Af+9fGAlpTxZEqYbwBaXOFwN
Malware Config
Signatures
-
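Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The check matched this sample, so the executable carries no Authenticode signature. Many benign programs are also unsigned, so treat this as a weak indicator to weigh alongside the other findings.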
Processes:
resource f9cf207552f932459c88e8c05f3b5140_JaffaCakes118
Files
-
f9cf207552f932459c88e8c05f3b5140_JaffaCakes118.exe windows:5 windows x86 arch:x86
dd6c195ab5b27c1e04225be282f5e145
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
FormatMessageA
GlobalMemoryStatus
GetConsoleMode
CreateFileW
GetCurrentProcess
GetFileTime
GetWindowsDirectoryA
CreateFileMappingA
GetSystemTime
FindNextFileA
FreeLibrary
CreateDirectoryW
FindFirstFileA
GetProcessTimes
GetFileAttributesW
MapViewOfFile
SetConsoleMode
GetLocalTime
SetFileTime
GetEnvironmentVariableA
LocalAlloc
FindClose
GetSystemTimeAdjustment
CreateEventA
SystemTimeToFileTime
SetEvent
ReadFile
GetTickCount
FindNextFileW
GetLastError
SetCurrentDirectoryW
GetThreadTimes
GetCurrentThreadId
GetCurrentProcessId
ExitProcess
GetProcAddress
GetOverlappedResult
VirtualProtect
WriteFile
GetSystemDirectoryA
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetVersionExA
SetFilePointer
LoadLibraryA
QueryPerformanceCounter
WaitForSingleObject
MultiByteToWideChar
OpenProcess
GetStdHandle
GetModuleHandleA
WaitForMultipleObjects
SetUnhandledExceptionFilter
FindFirstFileW
UnmapViewOfFile
CreateFileA
CreateThread
GetCurrentDirectoryW
GetFileSize
LocalFree
user32
SendMessageA
GetCapture
FindWindowA
GetForegroundWindow
GetCursorPos
GetClipboardOwner
GetQueueStatus
advapi32
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
GetLengthSid
RegCreateKeyA
RegCreateKeyExA
RegCloseKey
GetUserNameA
RegDeleteValueA
RegSetValueExA
CopySid
msvcrt
free
memcpy
__p__environ
puts
strlen
fopen
strcpy
sscanf
getenv
system
_cexit
strcmp
__set_app_type
fputs
_onexit
atoi
fflush
atexit
signal
qsort
exit
_pctype
remove
realloc
strspn
fread
printf
strtol
strcspn
_isctype
abort
__mb_cur_max
fgets
memset
strncpy
time
tolower
__p__fmode
_setmode
malloc
fputc
strrchr
_iob
sprintf
fgetc
memchr
memmove
strchr
strtoul
strftime
_vsnprintf
_assert
fwrite
__getmainargs
ungetc
fclose
fprintf
dnsapi
DnsReplaceRecordSetA
DnsValidateName_W
Sections
.text Size: 506KB - Virtual size: 506KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.s2 Size: 512B - Virtual size: 121B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.s3 Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.s5 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.s6 Size: - Virtual size: 5.4MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.s1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.s4 Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 57B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ