General

Malware Config

Signatures

Files

• 1b9dc2e52732129523a99238a41685ac_JaffaCakes118

  .exe windows:6 windows x64 arch:x64

  337e9780fdb99d2b5222c545ac377770

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  CreateToolhelp32Snapshot

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  MessageBoxA

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  advapi32

  LookupPrivilegeValueA

  c0gnito

  Authenticate

  msvcp140

  ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

  urlmon

  URLDownloadToFileA

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __C_specific_handler

  api-ms-win-crt-runtime-l1-1-0

  _c_exit

  api-ms-win-crt-utility-l1-1-0

  srand

  api-ms-win-crt-filesystem-l1-1-0

  remove

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-stdio-l1-1-0

  _set_fmode

  api-ms-win-crt-heap-l1-1-0

  free

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-string-l1-1-0

  _stricmp

  api-ms-win-crt-conio-l1-1-0

  _getch

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  {nC�@C���Z� TuY�ǽ<D��nP1��o9�8,y�K3,"�J ������H�Q �$��s�`E��M��9�,z�c�T�@A�I�����q�8fel������c"�#i��k��8��"�(3~Iȩ�Fi�|�ڢ�@�K�
  �*����";�r�P޺�}��wݻ_�x U��ϪA�ʺ�ap�8'�u����.����������� Y�p�G���j��A��j *97|̌A~�懩���r|}�����k{ڐ[y�/D�`#Ӭ���(S������k��i��oy�*���-�ܙ�q3䜴2;���������h�YC�%?�x�����6}J�{��>�D��P
  ��%$�[c1i�=�*Ww�v�� � &2O��
  �(��\�+i9.5��4"f:A�u=}��2�XO�v�� 5�d ���0< t�_J�S�
  ���|W0nޒ6bd$S��5�8��=�uH3gΔ.�A�_p�������,ZS0�8�2 �G��Ss�HNbm�5�#�����u���� -�f�YQ�z��mfv��Q:�=ȝU���zb�\��[So��R���>��L���T<�eN�D��ˌEI{�ҥP� �����2��G�>�m�Ah�; Oa���y�=-����4�Ud�)����!��Xz� mn�L�.ݟd��L'�{Fh��F��s�hΠpt��v�Z�'���2Q�����]➘�y�t��IJ � �+EP��眶�&�� ���]Ch��r���^��f]��i� �i�_����Sa�p�C�D���6����zA[A�T�^~����ѷ��h,�]�C�"q��җa�N���ص�Nj���S�i!ݙ�*�KZ��utI��(��9 /bdI��4������3������ ,��K��.�xVz�G�!"g���3bw�#D��a_ bkK�!BЋ�����5ȿx �>&���$H�NDBs/��hS�� �k�"��"�|����z�73�,`�-���B�/��lY�bym�u�nZ�%v��{�̶Gs��Xp�7�V��
  X��ĴY ����8 �0��N�Ap
  �s(
  U���2]I�2��s-(8S�&7�'Ĵ�0`Tl:ꢏw4j� ��W,P�,"}�� ���b4L�7k�l�Y@�&1�R Pv%?��1~��_�g(�bM
  ����z� W��LY�d�3��%
  ��[�&Ϯ'E�gĔ^Ks�*?��P��g7��d��P�����Y�h&&^����Y�$t�9� �FIP� �����Q�ORtOt�����"��8 *O�6J��]��ɣ�� Z�E �����z���=�ָY��$����)A�t%��+���t! �1�&�u��� ���D�"T/`�%e�[�f�J�NL�O�B`}jg��x-mPa\���`�NB=�&�X�� T�+���m��*6�F&G��&?��`��B�w�Vv�a������$Rצ��%K�� t"�a�FA�c�uM~�s���ۘ*�}���2���G���T�B����h�DΝomb�� '��%#MN��h �e�c{�J�~<Bq����,7�����}����W�����|<|�0�M
  r@�Bk��i�O�Ϲ1 �� ���+�lWy�+4S�`�"b��Jd�ʘڋ�`>K,��x
  oc6$��Ag'1P9Y"��x�L)c�U��_�u\�qx8��y�XS*�����>=��<:��eg�'/� Ŵ�������^J��F���/I=ak� 8��yQ�/#��9&H���SX�m��jj��t��({@{�p@P "~��Cv�����Y��M:� W��%4����D�)��7��p0�`$��$����cv�٢�%�*�E�%��܀����n����`���\�����rq1�2[��5��u�GJ��z��k����F;]�[�9�Ř��{ hE�İ�����/Umb k����F-�� �<��T �´@��’K�C�L�6 �Ld\W�2/����d�NLmP�ؒ\�l ����(���pN�0S�ڀ��Eh�OϽ B���|Y��ʂJ4ؕ�5>�����+6uρↅH�y�pA����աr�g[:ܚ���ynL���@ڒ��U��o���(� �W ~f�#[8�x��Q��w���'���
  ��Y��`ҭ `��? �@�!��0�P�ά��N�(�����_U��+��tn��|�u��H����*OQ��:ଝ����@U�oU) �R��~5�b#P��\���‡%!*f�cRKm�w[
  ���9�c0�x�_�6$y�)" )�Z���\����I�N�ƛ�LM�zz%�-����4��|�v�b�XJ��_�"n��*��İ���ER8��b�� �V��5��Bo7_�o���28�3l�dCY,2)�e�oD�B��s�=э;߹� ���B�ް}':�� "�>�֛W�2&@죓�^a�������[J���5�����/�`���jH��̰I�ˬ���i��1Ocyb ��|7���E��W��ɤ�����c=\!�2�o���i��p�)}OX�\��V���Oj�<�:���~��c@�k�7�+�;��E��L8P��F�0)��P��nzը���_:� p�i$N��߹c��
  �|�!��も C3J�c)�& ���=5c�2ௐ�z���W�
  H*ˉ����3o�x9��UQ���`u�-�4{���wI��p��YF��f�dM�/�ErG�BVc(�@����u��)aa��)�������U$��C��b�c���lD��~��v�������}~Dď�9�c��Hp��N���= $T�;��݃v���h߁��?rO������l,M*mCN���W�[��;I����^>sqx�s�?�i|?��~f&vsFaѐ�vT�Xg��uF��S l�|L�V ��3x ��Rȕ�J�2,����{�?mb��3��.)�K���}h������8`zv ���c���Q3M���a��lL ~O���[���m~㢨����WĠ
  �)�8j�̺��r�Q�:��y��� ������ s�^-�ݥF���l}cZh��ڿ6~Q������MP�i�Ђm����� �H 6�;y�

  Sections

  .text

  Size: - Virtual size: 13KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 864B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 3.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 5.2MB - Virtual size: 5.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 172B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ