General

Malware Config

Signatures

Files

• 715d071a8f0a8552a002d6347a52e13a_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  199b7e92fdebd65631f97f47bf8f9af3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  clusapi

  ClusterEnum

  CloseCluster

  CloseClusterNode

  CloseClusterGroup

  crypt32

  CertOpenSystemStoreA

  CryptHashMessage

  CryptDecodeMessage

  CryptFindOIDInfo

  CryptDecryptMessage

  CryptEnumOIDInfo

  CryptMemRealloc

  CertDeleteCTLFromStore

  CryptUnprotectData

  CryptProtectData

  advapi32

  OpenEventLogW

  CryptSignHashA

  RegCreateKeyExA

  ClearEventLogW

  RegLoadKeyW

  RegRestoreKeyA

  ReadEventLogA

  RegUnLoadKeyA

  RegOpenKeyW

  RegReplaceKeyW

  RegEnumKeyA

  RegSaveKeyA

  RegDeleteValueA

  IsTextUnicode

  modemui

  CountryRunOnce

  drvGetDefaultCommConfigA

  kernel32

  RemoveDirectoryA

  AddAtomW

  GetProcAddress

  LoadLibraryExA

  OpenMutexA

  FindFirstFileA

  CreateMutexA

  GetBinaryTypeW

  GetVersionExA

  GetCurrentDirectoryA

  GetTempFileNameA

  FindClose

  FormatMessageW

  lstrcatW

  CreateSemaphoreA

  IsBadReadPtr

  LoadLibraryA

  ResetEvent

  HeapReAlloc

  GetConsoleAliasW

  WaitForSingleObjectEx

  Sections

  .text

  Size: 254KB - Virtual size: 253KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data1

  Size: - Virtual size: 256B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ