General

Malware Config

Signatures

Files

• 6c038e685bc79b14f7a8d021172fccb2_JaffaCakes118

  .dll regsvr32 windows:4 windows x64 arch:x64

  31c79b93eb85f85b6f00fbe11de0ac52

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  IMAGE_FILE_DLL

  Imports

  advapi32

  ClearEventLogA

  ImpersonateAnonymousToken

  NotifyChangeEventLog

  ReadEventLogA

  RegCloseKey

  RegDeleteKeyA

  RegGetValueA

  RegisterEventSourceA

  kernel32

  CloseHandle

  CreatePipe

  CreateProcessA

  CreateThread

  DeleteCriticalSection

  DisconnectNamedPipe

  EnterCriticalSection

  FindClose

  FindNextStreamW

  FlushConsoleInputBuffer

  GetCommModemStatus

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetExitCodeProcess

  GetFileType

  GetHandleInformation

  GetLastError

  GetProcAddress

  GetSystemTimeAsFileTime

  GetTickCount

  InitializeCriticalSection

  LeaveCriticalSection

  LoadLibraryA

  QueryPerformanceCounter

  ReplaceFileA

  RtlAddFunctionTable

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  SetCommBreak

  SetConsoleMode

  SetCurrentDirectoryA

  SetEnvironmentVariableA

  SetEvent

  SetLastError

  SetNamedPipeHandleState

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TlsGetValue

  UnhandledExceptionFilter

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WaitForSingleObjectEx

  WaitNamedPipeA

  msvcrt

  __iob_func

  _amsg_exit

  _initterm

  _lock

  _unlock

  abort

  calloc

  free

  fwrite

  malloc

  realloc

  signal

  strlen

  strncmp

  vfprintf

  Exports

  Exports

  DllGetClassObject

  DllMain

  DllRegisterServer

  DllUnregisterServer

  InitHelperDll

  StartW

  Sections

  .text

  Size: 59KB - Virtual size: 58KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 1024B - Virtual size: 756B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 1024B - Virtual size: 712B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 200B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ