General

Malware Config

Signatures

Files

• 41c3073af06983e55cde51c7cbff389c_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  03d7ac49c1f30459ab61db0d23712583

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  H:\net\Frozen\comprises\GetPositio.pdb

  Imports

  kernel32

  CreateFileW

  FlushFileBuffers

  LCMapStringW

  GetStringTypeW

  MultiByteToWideChar

  SetStdHandle

  RtlUnwind

  HeapFree

  HeapQueryInformation

  HeapSize

  HeapReAlloc

  LoadLibraryW

  OutputDebugStringW

  WriteConsoleW

  OutputDebugStringA

  lstrlenA

  GetCPInfo

  GetOEMCP

  GetACP

  GetConsoleMode

  GetConsoleCP

  SetFilePointer

  WriteFile

  DeleteCriticalSection

  GetFileType

  InitializeCriticalSectionAndSpinCount

  DeleteFileA

  CloseHandle

  GetModuleHandleA

  GetSystemInfo

  WriteConsoleA

  LoadLibraryA

  GetProcAddress

  GetLastError

  GetStdHandle

  GetSystemDirectoryA

  GetModuleFileNameW

  ReadFile

  HeapCreate

  CreateEventA

  FreeConsole

  GetProcessHeap

  Sleep

  WaitForSingleObject

  ReadConsoleA

  HeapAlloc

  AllocConsole

  SetHandleCount

  GetEnvironmentStringsW

  WideCharToMultiByte

  FreeEnvironmentStringsW

  GetModuleFileNameA

  RaiseException

  ExitProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetTickCount

  QueryPerformanceCounter

  IsProcessorFeaturePresent

  LeaveCriticalSection

  EnterCriticalSection

  IsValidCodePage

  CreateFileA

  InterlockedDecrement

  GetCommandLineA

  HeapSetInformation

  GetStartupInfoW

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  DecodePointer

  EncodePointer

  HeapValidate

  IsBadReadPtr

  TlsAlloc

  TlsGetValue

  TlsSetValue

  GetCurrentThreadId

  TlsFree

  GetModuleHandleW

  InterlockedIncrement

  SetLastError

  user32

  GetFocus

  RegisterClassA

  SetWindowRgn

  GetWindowRect

  SetCapture

  LoadIconA

  GetClientRect

  SendMessageA

  BeginPaint

  GetDC

  InvalidateRect

  CreateWindowExA

  ReleaseDC

  GetDlgItem

  DefWindowProcA

  ShowWindow

  SetWindowTextA

  UpdateWindow

  LoadCursorA

  MonitorFromRect

  gdi32

  MoveToEx

  LineTo

  CreateFontIndirectA

  DeleteObject

  SelectObject

  CreateCompatibleDC

  CreateCompatibleBitmap

  CreatePen

  GetObjectA

  GetStockObject

  CreateEllipticRgn

  comdlg32

  FindTextW

  shell32

  SHGetMalloc

  SHGetDesktopFolder

  ole32

  CoInitialize

  oleaut32

  SysAllocString

  SysFreeString

  shlwapi

  StrFormatByteSizeA

  PathCompactPathA

  PathFileExistsA

  comctl32

  ord17

  snmpapi

  SnmpUtilMemAlloc

  Sections

  .text

  Size: 180KB - Virtual size: 180KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 353KB - Virtual size: 353KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .kave

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .toda

  Size: 512B - Virtual size: 307B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bidata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 26KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ