Static task
static1
Behavioral task
behavioral1
Sample
e3613c61873a8c4457f78f4d4337b6af_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e3613c61873a8c4457f78f4d4337b6af_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
e3613c61873a8c4457f78f4d4337b6af_JaffaCakes118
-
Size
185KB
-
MD5
e3613c61873a8c4457f78f4d4337b6af
-
SHA1
af6ca2be550fc688fe54f7a234672fbd6d704417
-
SHA256
298e5e539f141bfabd2490cca0a6b8216eb2500d223d38fc4e9ea1c1be11ed7b
-
SHA512
7a19ab39a8408bc1eb3fc1da2f8da2a6ee6954c99e2ebf449d76f699dbf520a2ee2e8a7d8303dd913ca2ef0c5136e385bb472c7fcdec41e893e71048e16969aa
-
SSDEEP
3072:e+olhqG8IpUzBv0dP/l4hbtDiMMQkCeAlt8fzbC:ejlhICPt4zGoXeAlt8fzb
Malware Config
Signatures
-
Unsigned PE 1 IoCs
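Checks for a missing Authenticode signature: the sample PE carries none. On its own this is a weak indicator, since many legitimate binaries are also unsigned.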
resource e3613c61873a8c4457f78f4d4337b6af_JaffaCakes118
Files
-
e3613c61873a8c4457f78f4d4337b6af_JaffaCakes118.exe windows:4 windows x86 arch:x86
e3011fa0dd9bb47ff20e39a08dc34468
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
oleaut32
SysAllocStringLen
kernel32
lstrlenW
GetCommandLineW
GetCommandLineA
ExitProcess
GetModuleHandleW
GetModuleHandleA
GetProcAddress
LoadLibraryExA
VirtualAlloc
LoadLibraryA
GetVersionExA
IsBadReadPtr
VirtualAllocEx
gdi32
CreateCompatibleDC
GetCurrentPositionEx
CreatePenIndirect
user32
GetCapture
GetActiveWindow
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 149KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RES99 Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RES70 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RES38 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RES94 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RES68 Size: 2KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RES39 Size: 512B - Virtual size: 278B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RES16 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RES92 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ