General

Malware Config

Signatures

Files

• 1aa191a274b0c83cb0d4f113edebb1ac_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  4ccf9829e70749d47ec1256baa26e964

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  FreeSid

  AllocateAndInitializeSid

  EqualSid

  GetTokenInformation

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  RegCloseKey

  RegDeleteValueA

  RegOpenKeyExA

  RegSetValueExA

  RegQueryValueExA

  RegCreateKeyExA

  RegQueryInfoKeyA

  kernel32

  LocalFree

  LocalAlloc

  GetLastError

  GetCurrentProcess

  GetModuleFileNameA

  lstrlenA

  GetSystemDirectoryA

  RemoveDirectoryA

  FindClose

  FindNextFileA

  DeleteFileA

  SetFileAttributesA

  lstrcmpA

  FindFirstFileA

  lstrcatA

  lstrcpyA

  _lclose

  _llseek

  _lopen

  WritePrivateProfileStringA

  GetWindowsDirectoryA

  CreateDirectoryA

  GetFileAttributesA

  ExpandEnvironmentStringsA

  IsDBCSLeadByte

  GetShortPathNameA

  GetPrivateProfileStringA

  GetPrivateProfileIntA

  lstrcmpiA

  GetProcAddress

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  FreeResource

  CloseHandle

  LoadResource

  SizeofResource

  FindResourceA

  ReadFile

  WriteFile

  SetFilePointer

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  SetCurrentDirectoryA

  GetTempFileNameA

  ExitProcess

  CreateFileA

  LoadLibraryExA

  lstrcpynA

  GetVolumeInformationA

  FormatMessageA

  GetCurrentDirectoryA

  GetVersionExA

  GetExitCodeProcess

  WaitForSingleObject

  CreateProcessA

  GetTempPathA

  GetSystemInfo

  CreateMutexA

  SetEvent

  CreateEventA

  CreateThread

  ResetEvent

  TerminateThread

  GetDriveTypeA

  GetModuleHandleA

  GetStartupInfoA

  GetCommandLineA

  LockResource

  LoadLibraryA

  GetDiskFreeSpaceA

  MulDiv

  EnumResourceLanguagesA

  FreeLibrary

  GlobalFree

  VirtualProtect

  gdi32

  GetDeviceCaps

  user32

  ExitWindowsEx

  wsprintfA

  CharNextA

  CharUpperA

  CharPrevA

  SetWindowLongA

  GetWindowLongA

  CallWindowProcA

  DispatchMessageA

  MsgWaitForMultipleObjects

  PeekMessageA

  SendMessageA

  SetWindowPos

  ReleaseDC

  GetDC

  GetWindowRect

  SendDlgItemMessageA

  GetDlgItem

  SetForegroundWindow

  SetWindowTextA

  MessageBoxA

  DialogBoxIndirectParamA

  ShowWindow

  EnableWindow

  GetDlgItemTextA

  EndDialog

  GetDesktopWindow

  MessageBeep

  SetDlgItemTextA

  LoadStringA

  GetSystemMetrics

  comctl32

  ord17

  version

  GetFileVersionInfoA

  VerQueryValueA

  GetFileVersionInfoSizeA

  Sections

  .text

  Size: - Virtual size: 33KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 27KB - Virtual size: 428KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 5KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 461KB - Virtual size: 460KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1024B - Virtual size: 536B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  ����4�

  Size: 25B - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ