General

Malware Config

Signatures

Files

• 1a206a52cfbebb61e0a33a646458da8e_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  261a9ca797a17a5607e472f0e92910af

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  lstrcmpA

  ResumeThread

  SetThreadPriority

  GetCurrentThread

  SetPriorityClass

  lstrcatA

  GetEnvironmentVariableA

  WinExec

  GetModuleFileNameA

  lstrlenA

  GetLastError

  CopyFileA

  GetSystemDirectoryA

  CompareStringW

  CompareStringA

  CloseHandle

  GlobalMemoryStatus

  GetComputerNameA

  GetCurrentProcess

  GetTempPathA

  DeleteFileA

  ExitProcess

  lstrcpyA

  CreateProcessA

  TerminateProcess

  CreateThread

  LoadLibraryA

  GetProcAddress

  FreeLibrary

  Sleep

  ExitThread

  GetShortPathNameA

  GetTickCount

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  SetEnvironmentVariableA

  LCMapStringA

  MultiByteToWideChar

  SetStdHandle

  FlushFileBuffers

  GetOEMCP

  GetACP

  GetCPInfo

  SetFilePointer

  WriteFile

  GetFileType

  GetStdHandle

  SetHandleCount

  GetEnvironmentStringsW

  GetEnvironmentStrings

  WideCharToMultiByte

  GetTimeZoneInformation

  GetSystemTime

  GetLocalTime

  HeapAlloc

  RtlUnwind

  GetModuleHandleA

  GetStartupInfoA

  GetCommandLineA

  GetVersion

  HeapDestroy

  HeapCreate

  VirtualFree

  HeapFree

  VirtualAlloc

  HeapReAlloc

  UnhandledExceptionFilter

  FreeEnvironmentStringsA

  FreeEnvironmentStringsW

  VirtualProtect

  GetModuleFileNameA

  ExitProcess

  user32

  wsprintfA

  ExitWindowsEx

  MessageBoxA

  advapi32

  StartServiceA

  RegOpenKeyA

  RegSetValueExA

  CloseServiceHandle

  StartServiceCtrlDispatcherA

  RegisterServiceCtrlHandlerA

  SetServiceStatus

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  LookupPrivilegeValueA

  AdjustTokenPrivileges

  OpenProcessToken

  OpenSCManagerA

  OpenServiceA

  DeleteService

  CreateServiceA

  shell32

  ShellExecuteA

  ws2_32

  gethostbyname

  inet_ntoa

  send

  connect

  closesocket

  recv

  WSASocketA

  setsockopt

  htons

  inet_addr

  sendto

  WSACleanup

  WSAStartup

  WSAGetLastError

  socket

  htonl

  Sections

  .text

  Size: - Virtual size: 46KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 16KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 68KB - Virtual size: 64KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 4KB - Virtual size: 128B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ