General

Malware Config

Signatures

Files

• 1e5cd86251c2c61ee1cf479963b8acb8_JaffaCakes118

  .dll windows:5 windows x86 arch:x86

  ee378a91d127e5ad8a8b70c7558c6cc8

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  C:\build\source\locdrm\rel32\locdrm.pdb

  Imports

  ole32

  CoCreateGuid

  kernel32

  GetSystemInfo

  InterlockedIncrement

  InterlockedDecrement

  QueryPerformanceCounter

  Sleep

  CloseHandle

  WaitForSingleObject

  GetCurrentThreadId

  CreateMutexA

  OpenMutexA

  ReleaseMutex

  GetVersionExA

  GetTickCount

  FindClose

  GetDiskFreeSpaceA

  GetWindowsDirectoryA

  GetModuleFileNameA

  FindFirstFileA

  GetDriveTypeA

  FindNextFileA

  FreeLibrary

  GetProcAddress

  LoadLibraryA

  GetFileAttributesA

  CreateDirectoryA

  InterlockedExchange

  TerminateProcess

  GetVolumeInformationA

  DeleteFileA

  InterlockedCompareExchange

  GetCurrentProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  user32

  CharPrevA

  CharNextA

  GetSystemMetrics

  advapi32

  RegCloseKey

  RegOpenKeyA

  RegOpenKeyExA

  RegQueryValueExA

  msvcr90

  _getcwd

  ??2@YAPAXI@Z

  _time32

  rand

  srand

  _purecall

  ??3@YAXPAX@Z

  memcpy

  _read

  memset

  ?_open@@YAHPBDHH@Z

  _write

  _lseek

  _tell

  _close

  _chdir

  _commit

  strchr

  _localtime32

  ??_V@YAXPAX@Z

  ??_U@YAPAXI@Z

  sprintf

  ??0exception@std@@QAE@ABQBD@Z

  _putenv

  ??1exception@std@@UAE@XZ

  ??0exception@std@@QAE@XZ

  _invalid_parameter_noinfo

  _CxxThrowException

  ??0exception@std@@QAE@ABV01@@Z

  __CxxFrameHandler3

  malloc

  free

  realloc

  memmove

  sscanf

  getenv

  _errno

  _unlink

  rename

  strrchr

  strstr

  _ismbblead

  strncpy

  _ftime32

  _unlock

  __dllonexit

  _encode_pointer

  _lock

  _onexit

  _decode_pointer

  _malloc_crt

  _encoded_null

  _initterm

  _initterm_e

  _amsg_exit

  _adjust_fdiv

  __CppXcptFilter

  _crt_debugger_hook

  ?terminate@@YAXXZ

  ?_type_info_dtor_internal_method@type_info@@QAEXXZ

  _except_handler4_common

  __clean_type_info_names_internal

  _rmdir

  _mkdir

  _chmod

  _itoa

  _stricmp

  _eof

  ?what@exception@std@@UBEPBDXZ

  msvcp90

  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

  Exports

  Exports

  OnUninstall

  RMACreateInstance

  RMAShutdown

  SetDLLAccessPath

  Sections

  .text

  Size: 74KB - Virtual size: 73KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .text

  Size: 147KB - Virtual size: 148KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE