General

Malware Config

Signatures

Files

• 65b908c8a3dacfb5b1aea243a6ed294c_JaffaCakes118

  .zip

  Password: infected

• 9c7448159cd16ba85bab1b198cebf8b2dd476693e9593b378998d352808715b7

  .exe windows:1 windows x86 arch:x86

  691560fd20b90b1d5cf5932bf3681199

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Imports

  kernel32

  FindClose

  CreateFileA

  CloseHandle

  ReadFile

  CreateMutexA

  CreateThread

  ExitProcess

  CreateEventA

  FindNextFileA

  FindFirstFileA

  GetCurrentDirectoryA

  GetLastError

  GlobalAddAtomA

  GlobalAlloc

  GlobalFindAtomA

  GlobalFree

  IsDebuggerPresent

  CreateFileMappingA

  CreateMailslotA

  ResumeThread

  ReleaseMutex

  SetCurrentDirectoryA

  SetEndOfFile

  SetEvent

  SetFileAttributesA

  SetFilePointer

  SetFileTime

  SetThreadPriority

  Sleep

  UnmapViewOfFile

  WaitForSingleObject

  WriteFile

  lstrcatA

  lstrcmpiA

  lstrcpyA

  lstrlenA

  MapViewOfFile

  user32

  ReleaseDC

  MessageBoxA

  GetSystemMetrics

  gdi32

  TextOutA

  SetBkMode

  SelectObject

  GetStockObject

  CreateDCA

  Sections

  CODE

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  DATA

  Size: 1024B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 1KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ