General

Malware Config

Signatures

Files

• 567d10dc616a037e225b1a669a2cf7f9_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  bb2e9e2bb2989c645bb17e20b34e011e

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Imports

  kernel32

  GetCurrentThreadId

  WriteFile

  VirtualQuery

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  shfolder

  SHGetFolderPathA

  shell32

  ShellExecuteA

  wtsapi32

  WTSSendMessageW

  user32

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  Exports

  Exports

  �젺T�Ye7j~,�l����|�����6f��#�w�i�(��L~����Z�S ���3q���壦�����Yd�Y[#��S��3$�o�F����'���C!4%~��^q�v�,1��t+J�в�鲓}'���ՁKc�W��n�E��Ya��<u�҃��a��Pc�6�J6m� ^}AU5��
  CX-�q�Q����`a������&# �W> ^]F�Q<|=�ҁ����ТA6h_"AN�!A��a�K��3n��u��
  �n��>�3����z�2���Ⳬ��1���-\���ﺫ:�� �I���1jǚ�(����"�<s�����ڌ�U�l!!�!}���Zc�4w������GW�2���l*x.�X�B�%�-���N� �O���.Z_}���l`*�87}OdZ&��,����d��M4l\Æ\(Da2S�}����l���C|g�e�V�Ɋ�y~�"�� ��݃��l�P �]��b�.�`�;S�W�w2��ya��c������IA���u��
  ��=L�e�g�x���M�2Z�^�ʞ��t+Iㇰy�$w�DZ�k��k����).��Ѭ��%{�9u�#IV�X���t�6�?��m#�jeOې샨�� �c` I7�<���Jtx�pEZhx�{a����fF{�ZbҰ�xv���5aON�N=
  ���m�U��l~���V�v��,�,�Qu�_�n6�Ǹ�_����2K��ǿ���eŠe9!\ld����>M3z�na��U As�!(����Nr�x�h^���F�׸+�B9Σ(��C:�ȵ"��6ƈ��/tL���Pn�b�X)%Aw�v�mB����ĐCM�C��黶ATS��&QӵE^9z7��ھ�9`�b��c��W^�αD�����[��n��Ay_秾�e���(�nV��5�4\�`8��onunŀ7!�KD�h�9tk<�C��3#|�񶠡h�x�*!e���c�q�PJ���k���44�ܪV+��B�F��7K\ 'z�ob�o�FI�^̊��ך��R4�<қat���Y��Q)��H�IK���BY'�~�� }6 ��;K��R����f��y��)�ַ�`SCs�J^�%5tB=��d�%޾��ۣ��r��&r�9�O�UgU�sA�ލ�XvD��Ss��*��H��y�q�X9��#��|����FpЯr�)�ޫE\j�Й��q!.�~�[�[BU�RM��b��%�^L��LjT�K�܂�Z7�i~&q�V&�v�)*�����9 ^hk�� �ZI)�X}㛼2�|�����|�͑���?�pD��//��:�S`�������:pIq$�0��g�����͗�>)��pb�D��Iٗ��JӜ����7�8�CY^��@�Cg���r���5�*D��p|5��C�<[�S���wf'�1�8����sU1��В��`5A�CH+�K�� ����+���ͦ�z���Z23��F�������|]���pY-��U�̪�KZ�$���w(�
  w*ƦA��*�������w�c�1�����x6#��W�'��U��������y���y
  ���#E��9Go��D�o��p$f�Ά�u� QZ����ݡo_�u�LoSc��M�5d�`�K"���L���<�V���r���l���}����p���V\ �1�k����k���M�0��5?s��x�(��c���i�8���. �/
  8/p���uz���]T��B��`�.<<�E �9:|���fo�dZ�I醙G�2w�f���S;yl ��Ԝ$������y�UL�B:R���D�����}C�7�X�eCn�NT��a���t�]�\LQ���{XL:T)��#~�u�k�r���s��@u� ��OL���B,*�.{�V*mV�f@�f8�$:��QH��[�v�&N�^�9�WK>m�kL�J�iX)�>T�^�3�U�ݽ�H.�k��PquP�{���Lݤ�9�ҥ@�T�vy:�����1���f<��82�������t�-���t#&� J�NJ���0^%��5e_d���S�����@�t��Nk��9��;봈wr���f�5t����g���^p�{!ԾQ��OB+�-e|��u������ ~�?;K�� hf�E��H�吲{�E9Ѡ;d���d��o��W��%۫��1�pM(��a2�X���G�s�'���[�5�Y9���i��-��Un8独w�Y�Ү)��Ͻk�g�  _oY����.�
  k2<�!^F�Mnj*��`��[ r�~0�N�i*���c�Q�v
  ��x�Z��&*2�J�������}�/��D(�]�"����O��. O!
  d[UK��W�'�^���ZE�r���>��B�ƺ[�B��䑇Og:c�vA���q���Wa� .U��a$�H���J���
  �ac�>�/��Ƅ�̓����].K؅;s�@O�ߖ c�����6֣k�
  1^�&�� 爞��%��
  * ���lg���U�aCT���la�$cjz�Cτ#�PE�]��H���g6�&ƃF֚�ɚ���;8(�<��R����j�
  ދZ�n��M� n-q��4V�FA����|(����u�1GjI;��Y��7����5d��y�K b��͟Ve��Oj$��"�-Ar0�S����n侀i�NJ���%��5�fX�Am ��%�Eh W�Q������p7���u�h-�y9 G�e���=�����Ө2��~'j��WK��b��@O���(x��K:a�3sI<��:Y����"kb%�9�=�R!��̦���'����;%W0ͧ�Ww ��m���#��Yɦ�2����.\JCS/<0�|)�v��-�X�H�]���_º����l٪�<Am��f�d<'�q}!!���8��#6�͜� ���
  ���G ק��ч)�N�b�Њ����=bxv�pB��D�}�*�򌣁S�&"�9{��ˏ$���3�WuʛS���n B Ըع�39��3��b���.ӿ�̎9_]��\I�}o�'j��J����d�a�@{���a�b��>�rf��q�ʇ��P��Û0��I\�U��M�

  Sections

  CODE

  Size: - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: - Virtual size: 124B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 1KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: - Virtual size: 770B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 4B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 3.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 5.4MB - Virtual size: 5.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 264KB - Virtual size: 264KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ