General

Malware Config

Signatures

Files

• 74b0a4959dd3eb529dc33f5edb7327a1_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  0195fcaa2ef3e336f4c66d6b8ad8f999

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Imports

  oleaut32

  SysFreeString

  advapi32

  RegOpenKeyExA

  user32

  SystemParametersInfoA

  MessageBoxA

  kernel32

  ReadDirectoryChangesW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  gdi32

  GetCurrentObject

  version

  VerQueryValueA

  ole32

  CoCreateInstance

  comctl32

  ImageList_Read

  iphlpapi

  GetIfTable

  Exports

  Exports

  b����~�����f���[�!�e��Թ��$�s3���h?��_4��:�2�|�Ń��X"�p�E2]�;w��FNj}/^V ��?��?� �Tb:9*aٻŁ�_�ڗK��g#�������*���7IE7zRh�=�4��T��#�Q���u��\n�[&��1��u<kn����D����h���Z=�����S����vS�@���S6�.N,o$�X�@�|��*9�Q�;#�w�Y����v�6"�fa�9`vue}t��.�"GT6�^Vy�׈0��%�f�&DMHh���������*7r����Xn�:�K 3P3��7Z[����)�}Î�`Ԋ��=�~��,Gժ䗔�˽Qv\J\ݹ�\�ȹ��Pۦ�<�<��s[P£�_��K�:�|Q&k��l��e�w�י^%��뢍�"���\�����5 �D�2Z�z٢#/,],�D!LZ<�v���L��k�F}������eR�
  �^q��s�i�����R�$�绖�"
  �&E�aҦ+k
  U�կ�y1�b��Bp�����f;k7�7�T\��8`cᶌ�������HZ���m=XTA�U&����]�k�������
  w�]�X����t�P��Hث)���.\��h�k�'Gv7t3�[g,�y����&�{7�Ѭ��~��er9p��/1S�q �k�DlP�B>�wh�|3F��1�r&�4�v��[�/5"{9>�
  1,T�%�<����|����Y�{R�qD�Fv���[-WÁn$L6!2 �� J�B4S�[\x��zo��x̱�:�)+`PT ]��h/���=��T%�l���s�����VB���b0�b����c�M�ӊ�P��3�cp�Y$��'+4@:$r� <I��)�om��4� �vJ����U�4�!%�ԲI��׊D�5�QEA�X��a��gԸŁeᱟ0>��~8��^S��e�����~�H*V�wG�j��C7S@w�(%#VhV�y�����7��\����g�Ԩ�� &���N*Z�.hxp�cD�a[�-���H�/T|�ө����[!�}�K_g�
  p�m��j[,��_�h_
  �]�_�H�����Ր϶��cOɲ��� �q���5�����K���--MI\��貃�J`_�C�{��c1c3��00��31����>�(3Q�K1�8�I�o:�4���r��S��p��ɵ�.W8��񬋩ٞ1�Ҿ1�����.�1��Ґ<�M�V=��.�sp�:�s���y�[Ě늿)�Қ�r4�M���M����|Y��j��@�+��K'��50�+�=����������M�6�K�$���9S������U�)�!M������>S%���;�
  �(W��������I6-��{�߽��"��xn��g�I5PK��+��_��.�K-v���,S���b��Njr�>R:�R���F�L�BES*�������ApD��# ���V�V��Ҷ.CL���;��VC�Ȣ��$�Tܸ�+V�"e�T��y�����.���:��v�w�s ݉���.E�WO�ŧ�6��e��8��0aA���>��o��`r�g-8:9e�Ǐ/&Q?��~���eE |����—M������X�#(��ni�̓2-C�x��#
  v���A�uS�G:�~D ��7�1ڌ��I�; ���X�yt��/��C.�l��*S���jL�3��?�T�ۙ��������ّ6�G�h@�( � 'wi�X�_�Ӄ�����#���q\
  tƫe�߯lc��d����`I{�x��>D��m49���T�8�~�>�e��|���q6�J�dvQ�^�1(Im�M��F�xQ~�m'�?MO+/��h����A��f�߲S����7C*w_����6&��fQ�g$H�,�`9*b�.�:�� ��h��QIP����~y!��B^���(� o����{�t�/'�v<Ti�_�/ZW*���. e����Sݕ�<6>���H4�L5�'����bwxeS����|׳���|�I��^>��(��ţ,�� ��z!=K�T�YXފ+�37,ʯn��SC��s�3���l8���D��P�V��d�$�bm������
  �F2�NSej��\���ֺ�|ܕ��F�
  ��_ϛ`Q�#�3�� ���f��H�-�����84�I]2�R�� ��AB&v+�}�$��
  h��N�j� n|��KB ݬ,18�h�w���k��I��c�eY��XRl�\i?|�d4*�z���_Cs�Nj�^]��I��AK����9Dh��+�2��K]�4w��/��^l�cyaݻ+�\a�.��h�����<5צ���+GnG�N-X��W�E��N�,�u&(ȥ�NY�QȹhvO� ��\�W �o^����[��[�U~�����,[rW��JF��X�!�Wx�T�2�'P�_���$�E>�q6{dv�L\�sB�ꝓ��B����RI"������N���a�)��`&a������ɕ��bpo�"�΃T<r�>�q<�5��卥�C-�u&J�SH2x� ��׮���������d���io�`���Ǽ�r�-�����[
  ���3sCgj��4X-0��U&��F����'�������,9l��Ƿ�վ��|�웹g'�rqY�9�!���e�_G�U��q%{������m|=o�9����н�o�_&5��%ʐu �ؐ*��s/��N�"$�1�S���'�J�`WbH�o^@ w�Q~;փ�{�`�(c�],�ژ\=��9C�y��9��<C��7[/m(��ڗ���j��ub؂3��mY�Cs���7�0�ݶ�����l��B���7T�В�7��y�7�N���<�s��X��o|�1���.iԡm;zc���8�C��ھ��wW�[���*����Tv{���N�+�9)�bg�4���yG`����[D����(n�^�m�V��#u��h���C߆>%&��N��{�" �l��4l�D��*�IV��lM��Cu����0����{cn���ݴ��Y���1��$�w@qa o-���^���V8s<�4���6�=�

  Sections

  .text

  Size: - Virtual size: 694KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .itext

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 541KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: - Virtual size: 20KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 52B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 44KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 16KB - Virtual size: 151KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: - Virtual size: 344KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  .vmp2

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 244B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ