Static task
static1
Behavioral task
behavioral1
Sample
587fdae7d9f4e1f8922cf5a27ca4d17b_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
587fdae7d9f4e1f8922cf5a27ca4d17b_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
587fdae7d9f4e1f8922cf5a27ca4d17b_JaffaCakes118
-
Size
327KB
-
MD5
587fdae7d9f4e1f8922cf5a27ca4d17b
-
SHA1
8fb1f7044311368ebb0a899187b2ddc09938bb74
-
SHA256
ce857fd65af819ca38c66241dfcda60f9a965811b309290270e8c0b12435bb43
-
SHA512
f8b6f5b98a56b3abaf8e12dd3c3d3fb66aceb78c4511d353301528003602ffb85a5a52a22d7385ed7f7dfee6fde973538920fc024efa538f6ef3bf0feceb00e4
-
SSDEEP
6144:8Cpd5ll1p5kJYPR1tUyv8v1//C66U/YQgGOFjaUZaWMA6bUmF5HEJc+ynqSQpdf+:Dbl/5kJYPtUyEvl/6QgGh2mF5koqxLf+
Malware Config
Signatures
-
Unsigned PE 1 IoCs
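Static check for a missing Authenticode signature: this PE file carries none. On its own this is a weak signal, since many legitimate binaries are also unsigned.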
Processes:
resource 587fdae7d9f4e1f8922cf5a27ca4d17b_JaffaCakes118
Files
-
587fdae7d9f4e1f8922cf5a27ca4d17b_JaffaCakes118.exe windows:4 windows x86 arch:x86
614c737fd1e25bc1cce86d1e601c63b3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
winmm
timeGetTime
crypt32
CertOpenSystemStoreA
CertCloseStore
CertEnumCertificatesInStore
msvcrt
isxdigit
_read
isupper
fputc
fopen
__mb_cur_max
_lock
abort
_getpid
__doserrno
strerror
time
strcspn
printf
getc
_putenv
strtoul
strftime
_fileno
_getch
__pioinfo
memcmp
fputs
strncmp
_get_osfhandle
setvbuf
longjmp
isprint
localtime
strlen
srand
_unlink
_ftime
wcsstr
strrchr
fwprintf
getenv
_snwprintf
strcmp
atoi
strncat
isalpha
_wfindfirst
memmove
islower
_setmode
localeconv
malloc
strchr
atof
mktime
_beginthreadex
_fdopen
fgetpos
strcat
feof
_unlock
_close
__setusermatherr
fwrite
_exit
putchar
_initterm
_endthreadex
wcslen
puts
__dllonexit
fclose
_mkdir
_rmdir
_onexit
memcpy
realloc
memset
strncpy
isspace
rename
_lseeki64
fread
_wfopen
qsort
_strnicmp
tolower
bsearch
calloc
strspn
wcscpy
fflush
strcpy
signal
_errno
toupper
fsetpos
isalnum
strtol
fseek
_ftime64
_vsnprintf
_stricmp
_wfindnext
gmtime
ftell
sprintf
_filelengthi64
_stati64
_findclose
ungetc
exit
rand
setlocale
fgetc
putc
fprintf
fgets
_access
ferror
raise
_stat
_open
strstr
free
_iob
sscanf
log10
_amsg_exit
memchr
vfprintf
_fstati64
_strdup
_write
_setjmp3
kernel32
ExitProcess
CreateSemaphoreA
QueryPerformanceFrequency
FindFirstFileA
lstrcpynA
OpenProcess
IsDBCSLeadByteEx
GlobalAlloc
GetProcessAffinityMask
CreateEventA
DuplicateHandle
FreeLibrary
SetThreadPriority
SetProcessAffinityMask
EnterCriticalSection
GetSystemDirectoryA
InitializeCriticalSection
FindClose
Sleep
CloseHandle
GetCurrentProcess
GetVersionExA
SuspendThread
GetCurrentThread
LoadLibraryW
TlsGetValue
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetTempPathA
GetTickCount
VirtualProtect
QueryPerformanceCounter
GetModuleHandleA
SetThreadContext
TlsSetValue
GlobalHandle
WaitForMultipleObjects
ResetEvent
SetEvent
GetVersion
GetLastError
LoadLibraryA
ReleaseSemaphore
GetThreadContext
TlsAlloc
GetModuleFileNameW
VirtualQuery
SetThreadAffinityMask
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
GetProcAddress
FindNextFileA
DeleteCriticalSection
lstrcpyA
SetLastError
GlobalMemoryStatus
TlsFree
GetModuleHandleExA
GetThreadPriority
GetStdHandle
ResumeThread
advapi32
CryptReleaseContext
ReportEventA
CryptAcquireContextA
RegisterEventSourceA
CryptGenRandom
gdi32
DeleteObject
CreateCompatibleDC
GetDeviceCaps
BitBlt
GetObjectA
GetBitmapBits
DeleteDC
CreateDCA
CreateCompatibleBitmap
SelectObject
user32
MessageBoxW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
wsprintfA
ws2_32
shutdown
sendto
WSAEnumNetworkEvents
connect
getsockopt
WSASetLastError
ntohl
htonl
inet_addr
__WSAFDIsSet
WSACleanup
htons
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
setsockopt
select
WSAStartup
socket
recvfrom
closesocket
send
recv
accept
getsockname
ntohs
ioctlsocket
gethostname
listen
gethostbyname
getpeername
bind
Sections
.text Size: 65KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 16KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE