General

Malware Config

Signatures

Files

• 4c640f826205255714a7a5ad0eac1758_JaffaCakes118

  .exe windows:6 windows x86 arch:x86

  9df3d9786c2902d7b8cd0088fc377fa8

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\Six\was\Make\Ready\organGuide.pdb

  Imports

  kernel32

  GetConsoleMode

  WriteConsoleW

  SetFilePointerEx

  CloseHandle

  VirtualProtect

  GetSystemInfo

  GetCurrentDirectoryW

  SetSystemPowerState

  FormatMessageW

  Sleep

  GetSystemDirectoryW

  GetSystemTimeAsFileTime

  GetProcessHeap

  GetCPInfo

  SetStdHandle

  GetEnvironmentVariableW

  GetConsoleCP

  FlushFileBuffers

  GetStringTypeW

  LCMapStringW

  HeapReAlloc

  OutputDebugStringW

  GetOEMCP

  GetACP

  IsValidCodePage

  LoadLibraryExW

  LeaveCriticalSection

  EnterCriticalSection

  GetModuleHandleW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  TerminateProcess

  GetCurrentProcess

  InitializeCriticalSectionAndSpinCount

  SetUnhandledExceptionFilter

  CreateFileW

  UnhandledExceptionFilter

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCurrentProcessId

  QueryPerformanceCounter

  GetStartupInfoW

  DeleteCriticalSection

  GetFileType

  GetCurrentThreadId

  HeapAlloc

  EncodePointer

  DecodePointer

  GetCommandLineW

  RaiseException

  RtlUnwind

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetLastError

  ExitProcess

  GetModuleHandleExW

  GetProcAddress

  MultiByteToWideChar

  WideCharToMultiByte

  GetStdHandle

  WriteFile

  GetModuleFileNameW

  HeapSize

  HeapFree

  SetLastError

  comctl32

  ImageList_LoadImageW

  ImageList_SetOverlayImage

  ImageList_Destroy

  CreateStatusWindowW

  CreateToolbarEx

  DestroyPropertySheetPage

  ord17

  ole32

  CoUninitialize

  CoInitialize

  OleCreate

  OleInitialize

  advapi32

  ControlService

  RegisterServiceCtrlHandlerW

  RegOpenKeyExW

  FreeSid

  SetEntriesInAclW

  SetServiceStatus

  AllocateAndInitializeSid

  QueryServiceStatus

  LookupPrivilegeValueW

  SetSecurityDescriptorDacl

  RegDeleteKeyW

  InitializeSecurityDescriptor

  RegQueryValueExW

  RegCreateKeyExW

  OpenServiceW

  StartServiceCtrlDispatcherW

  OpenSCManagerW

  OpenThreadToken

  OpenProcessToken

  CreateServiceW

  RegCloseKey

  wsnmp32

  ord903

  ord105

  ord605

  ord905

  ord601

  ord400

  ord501

  ord500

  ord600

  ord301

  ord606

  ord204

  ord205

  ord120

  ord103

  ord902

  ord604

  ord107

  ord302

  ord203

  ord104

  ord603

  ord602

  ord202

  ord901

  ord102

  ord320

  ord900

  ord200

  ord222

  ord402

  ord221

  ord503

  ord106

  ord904

  ord502

  ord401

  ord504

  ord999

  ord201

  ord300

  ord906

  ord206

  ord220

  Sections

  .text

  Size: 148KB - Virtual size: 147KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 57KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 18KB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ