General

Malware Config

Signatures

Files

• 164c97ef66c22ff3d016a25aa993a647_JaffaCakes118

  .exe windows:6 windows x86 arch:x86

  4a341b31129047a81d4ed27e5e1e53c4

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\workspace\workspace_c\FBCookies\Release\FBCookies.pdb

  Imports

  crypt32

  CryptUnprotectData

  shell32

  SHGetSpecialFolderPathW

  kernel32

  LocalFree

  WideCharToMultiByte

  lstrlenW

  FormatMessageW

  GetLastError

  AreFileApisANSI

  ReadFile

  TryEnterCriticalSection

  HeapCreate

  HeapFree

  EnterCriticalSection

  GetFullPathNameW

  WriteFile

  GetDiskFreeSpaceW

  OutputDebugStringA

  LockFile

  LeaveCriticalSection

  InitializeCriticalSection

  SetFilePointer

  GetFullPathNameA

  SetEndOfFile

  UnlockFileEx

  GetTempPathW

  CreateMutexW

  WaitForSingleObject

  CreateFileW

  GetCurrentThreadId

  UnmapViewOfFile

  HeapValidate

  HeapSize

  MultiByteToWideChar

  GetTempPathA

  GetShortPathNameW

  GetFileAttributesA

  GetFileAttributesExW

  OutputDebugStringW

  CreateFileA

  LoadLibraryA

  WaitForSingleObjectEx

  DeleteFileA

  DeleteFileW

  HeapReAlloc

  CloseHandle

  GetSystemInfo

  LoadLibraryW

  HeapAlloc

  HeapCompact

  HeapDestroy

  UnlockFile

  GetProcAddress

  CreateFileMappingA

  LockFileEx

  GetFileSize

  DeleteCriticalSection

  GetCurrentProcessId

  GetProcessHeap

  SystemTimeToFileTime

  FreeLibrary

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  CreateFileMappingW

  MapViewOfFile

  QueryPerformanceCounter

  GetTickCount

  FlushFileBuffers

  FreeEnvironmentStringsW

  Sleep

  SetEnvironmentVariableW

  SetStdHandle

  GetFileAttributesW

  GetDiskFreeSpaceA

  GetEnvironmentStringsW

  GetOEMCP

  WriteConsoleW

  GetACP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  ReadConsoleW

  SetFilePointerEx

  GetFileSizeEx

  GetConsoleMode

  GetConsoleCP

  GetTimeZoneInformation

  GetFileType

  GetStringTypeW

  SetLastError

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  SwitchToThread

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetModuleHandleW

  EncodePointer

  DecodePointer

  GetCPInfo

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  SetEvent

  ResetEvent

  IsDebuggerPresent

  GetStartupInfoW

  InitializeSListHead

  RtlUnwind

  RaiseException

  LoadLibraryExW

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  GetModuleHandleExW

  ExitProcess

  GetModuleFileNameW

  GetStdHandle

  GetCommandLineA

  GetCommandLineW

  GetExitCodeProcess

  CreateProcessW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  advapi32

  RegCloseKey

  RegSetValueExW

  RegOpenKeyExW

  RegCreateKeyW

  winhttp

  WinHttpAddRequestHeaders

  WinHttpQueryHeaders

  WinHttpReadData

  WinHttpOpenRequest

  WinHttpSetOption

  WinHttpOpen

  WinHttpSetCredentials

  WinHttpQueryAuthSchemes

  WinHttpGetProxyForUrl

  WinHttpSendRequest

  WinHttpConnect

  WinHttpQueryDataAvailable

  WinHttpReceiveResponse

  WinHttpCloseHandle

  WinHttpGetIEProxyConfigForCurrentUser

  Sections

  .text

  Size: 767KB - Virtual size: 767KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 116KB - Virtual size: 115KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 488B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ