General

Malware Config

Signatures

Files

• 75f0638e40cb937d9a553eb08b57d54c_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  f7a9b33b8a99a98d91563c62d9c69262

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  crypt32

  CertControlStore

  CertAddStoreToCollection

  CertFindCRLInStore

  CertSaveStore

  CertFindChainInStore

  CryptFindOIDInfo

  CertFindAttribute

  CertGetNameStringA

  CertFreeCRLContext

  CertNameToStrA

  CertDeleteCRLFromStore

  kernel32

  LoadLibraryA

  GetCommandLineA

  FindResourceExA

  FormatMessageA

  GetEnvironmentVariableA

  DeleteFileA

  SetPriorityClass

  OpenFileMappingA

  lstrcmp

  CreateJobObjectA

  GetModuleHandleA

  GetFileAttributesA

  GetTempFileNameA

  WaitForSingleObject

  WriteConsoleA

  CreateSemaphoreW

  FileTimeToSystemTime

  lstrcmpiA

  DecodePointer

  CreateProcessA

  CreateDirectoryA

  GetProcAddress

  shlwapi

  UrlCreateFromPathW

  UrlUnescapeA

  UrlIsNoHistoryW

  UrlCanonicalizeW

  UrlGetPartA

  UrlEscapeA

  UrlCombineW

  UrlHashW

  PathIsRootW

  UrlIsA

  UrlGetLocationW

  UrlCompareW

  cmpbk32

  PhoneBookLoad

  PhoneBookCopyFilter

  PhoneBookFreeFilter

  PhoneBookEnumCountries

  untfs

  FormatEx

  Format

  Chkdsk

  Recover

  Extend

  clusapi

  CloseClusterGroup

  ClusterControl

  CloseClusterNode

  CloseCluster

  dsprop

  ErrMsgParam

  CrackName

  CheckADsError

  FindSheet

  Sections

  .text

  Size: 42KB - Virtual size: 41KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  .rdata

  Size: 29KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .lock

  Size: 523KB - Virtual size: 523KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ