General

Malware Config

Signatures

Files

• 6bde783c9a40a6ac04c3145f4c6417ae_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  8771d13f5d6a5209a72f41ba1241fe15

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  setupapi

  CM_Locate_DevNodeW

  CM_Get_Parent

  CM_Get_DevNode_Status

  CM_Get_DevNode_Registry_Property_ExW

  CM_Get_Device_ID_ExW

  CM_Get_Device_IDW

  SetupDiGetActualSectionToInstallW

  SetupDiSetClassInstallParamsW

  SetupDiSetDeviceInstallParamsW

  SetupDiGetDeviceInstallParamsW

  SetupDiSetDeviceRegistryPropertyW

  SetupDiOpenDevRegKey

  SetupDiCallClassInstaller

  SetupDiGetClassDevsExW

  SetupDiGetClassDevsW

  SetupDiGetDriverInfoDetailW

  SetupDiBuildDriverInfoList

  SetupDiGetDeviceInterfaceDetailW

  SetupDiGetDeviceInstanceIdW

  SetupDiOpenDeviceInfoW

  SetupDiCreateDeviceInfoListExW

  SetupInstallFromInfSectionW

  SetupCloseFileQueue

  SetupOpenFileQueue

  SetupGetIntField

  SetupGetStringFieldW

  SetupGetFieldCount

  SetupFindFirstLineW

  SetupCloseInfFile

  SetupOpenInfFileW

  comdlg32

  GetOpenFileNameW

  GetFileTitleW

  crypt32

  CryptProtectData

  CertNameToStrW

  CryptHashPublicKeyInfo

  CryptExportPKCS8

  CryptAcquireCertificatePrivateKey

  CryptExportPublicKeyInfo

  CertVerifyTimeValidity

  CryptHashCertificate

  CertAddStoreToCollection

  CertVerifyCertificateChainPolicy

  CertSetCertificateContextProperty

  CertCreateCertificateContext

  CertEnumCertificatesInStore

  CertCloseStore

  CryptMsgUpdate

  CryptMsgClose

  CryptMsgOpenToDecode

  CryptEnumOIDInfo

  CryptFindOIDInfo

  CryptEncodeObject

  CryptStringToBinaryW

  CertGetCertificateContextProperty

  CryptBinaryToStringW

  kernel32

  GetOEMCP

  GetCPInfo

  IsValidCodePage

  IsDebuggerPresent

  IsProcessorFeaturePresent

  LoadLibraryExW

  RtlUnwind

  OutputDebugStringW

  HeapReAlloc

  GetStringTypeW

  HeapSize

  LCMapStringW

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  SetStdHandle

  SetFilePointerEx

  WriteConsoleW

  CreateFileW

  GetACP

  FileTimeToSystemTime

  GetProcAddress

  VirtualAlloc

  HeapDestroy

  HeapAlloc

  HeapFree

  GetCurrentProcessId

  GetEnvironmentStringsW

  GetCurrentThreadId

  GetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  WaitForMultipleObjects

  FindClose

  CloseHandle

  GetSystemTimeAsFileTime

  GetSystemInfo

  FormatMessageW

  CreateFileMappingW

  GetModuleHandleW

  GetCommandLineW

  ExpandEnvironmentStringsW

  GetSystemDirectoryW

  FindFirstFileW

  MultiByteToWideChar

  GetCommandLineA

  SetLastError

  EncodePointer

  DecodePointer

  ExitProcess

  GetModuleHandleExW

  WideCharToMultiByte

  GetProcessHeap

  GetStdHandle

  GetFileType

  GetStartupInfoW

  GetModuleFileNameA

  WriteFile

  GetModuleFileNameW

  QueryPerformanceCounter

  FreeEnvironmentStringsW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  InitializeCriticalSectionAndSpinCount

  Sleep

  GetCurrentProcess

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  userenv

  ExpandEnvironmentStringsForUserW

  RegisterGPNotification

  LoadUserProfileW

  Sections

  .text

  Size: 77KB - Virtual size: 76KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 942KB - Virtual size: 7.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 364KB - Virtual size: 364KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ