OqwncdRfdeawcce
Static task
static1
Behavioral task
behavioral1
Sample
8648fe8a722044918faa543988eea1b0_JaffaCakes118.dll
Resource
win7-20240221-en
General
Target
8648fe8a722044918faa543988eea1b0_JaffaCakes118
Size
180KB
MD5
8648fe8a722044918faa543988eea1b0
SHA1
e99252450542b0c73d11fbbeb2069879ab8268f5
SHA256
ed5992735e4d63c6aef98f031156bc74bc10041e1dc19b3b404d9694b74f1e31
SHA512
e8e699a7836707d479cc9cabe2689ef854c0cc913fda0d19878a8fe8e78cc86bc647caf0e9b159662cfdc33940a2f6547227f49089f8e301c0abb7862d95b870
SSDEEP
3072:hD2xFMJeSjU91NwhzvGQ5Fv6GKWiEAZxRzvUAtfRZF5EKWiQqmyFDuA:hD7JeSjoCB5xhCFzsAtZj5NBQoF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 8648fe8a722044918faa543988eea1b0_JaffaCakes118
Files
8648fe8a722044918faa543988eea1b0_JaffaCakes118.dll windows:5 windows x86 arch:x86
2ca6ab0f08afe2d9f24be78633a20c21
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
memset
user32
ShowOwnedPopups
winspool.drv
WritePrinter
kernel32
CreateFileA
GetModuleFileNameW
advapi32
RegLoadAppKeyA
oleaut32
VarI2FromI4
Exports
Exports
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ