Static task: static1
Behavioral task: behavioral1
Sample: 06332c76bab3c4b5b15158f41f92b3b8_JaffaCakes118.exe
Resource: win7-20240419-en
General
Target: 06332c76bab3c4b5b15158f41f92b3b8_JaffaCakes118
Size: 2.6MB
MD5: 06332c76bab3c4b5b15158f41f92b3b8
SHA1: 8d837c4126ee98e94c5664d4f17bfe69389da8a5
SHA256: 85f7a009f0f9e0d9bf057edc24bf584eb08349cec1818588d3a61106dbd2ab99
SHA512: 846451df9130c85168e4e0d057a92b74bd025e77536734ce828d1a3ee6d68b3f488ea2c318eccb32a917d47b5157d155e229ea8a238bf495017a59f545614a0f
SSDEEP: 49152:Pmxak0hQbAzDlk5G/xYmBvclEJZPIZwjnHTow5OiW8CtQw8j+DdT9jOotbgJSr3n:+k5GbA9hv8EJdboH3mml6iqN
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Processes: resource 06332c76bab3c4b5b15158f41f92b3b8_JaffaCakes118
Files
06332c76bab3c4b5b15158f41f92b3b8_JaffaCakes118.exe windows:6 windows x86 arch:x86
1c14a16a4ca779584c95e99d7f1fc8e1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
AreFileApisANSI
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCommandLineW
GetCurrentProcess
GetProcessId
lstrlenA
lstrcatA
GetCommandLineA
QueryFullProcessImageNameA
GetVersionExA
WTSGetActiveConsoleSessionId
ExitProcess
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
VirtualFree
FreeLibrary
GetModuleFileNameA
GetComputerNameA
CreateThread
OpenSemaphoreA
LocalAlloc
WaitForSingleObject
CreateMutexA
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
SetEvent
GetCurrentProcessId
LoadLibraryA
CreateDirectoryA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
SizeofResource
GetLastError
CopyFileA
LoadResource
CloseHandle
Process32Next
DeleteFileA
LockResource
GetFileAttributesA
Sleep
CreateToolhelp32Snapshot
GetModuleHandleA
FindResourceA
TerminateProcess
Process32First
MoveFileA
HeapAlloc
VirtualProtect
VirtualAlloc
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
ReleaseSemaphore
CreateSemaphoreW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
GetCurrentThread
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
MoveFileExW
WriteConsoleW
CreateTimerQueueTimer
GetLogicalProcessorInformation
DuplicateHandle
GetExitCodeThread
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
user32
LoadStringA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
advapi32
AdjustTokenPrivileges
CreateProcessAsUserA
RegCloseKey
StartServiceCtrlDispatcherA
SetTokenInformation
LookupPrivilegeValueA
GetUserNameA
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
SetSecurityDescriptorDacl
ConvertSidToStringSidA
LookupAccountNameA
InitializeSecurityDescriptor
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegGetValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
shell32
ShellExecuteExA
CommandLineToArgvW
ole32
CoInitializeEx
CoCreateInstance
CoUninitialize
wtsapi32
WTSQueryUserToken
userenv
CreateEnvironmentBlock
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 240KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ