Static task: static1
Behavioral task: behavioral1
Sample: e280d592e19c266f34fe8319e265a90c_JaffaCakes118.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: e280d592e19c266f34fe8319e265a90c_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: e280d592e19c266f34fe8319e265a90c_JaffaCakes118
Size: 46KB
MD5: e280d592e19c266f34fe8319e265a90c
SHA1: f4b064ee4c2c317b06b43ade80fbd114aec9729c
SHA256: 5a6bbdacc2a47f0745375f46a4e048fbd56cb95f99c69922b08b48b5006c0c18
SHA512: bb126288f32088dda4150b173f884d9d5e27a7d104b3cd404e6b135b08a2208ee1d05c4e22a18abb0adf550ed724ae3c320a1a17735da0d749984a8f4e81fe0d
SSDEEP: 768:MgGdlx90CLHmhpfjQZE8Av7t7xZeVKMGh/kxC/LUcrxv73XKxwg1Pm5w/m5vEg:RG3P0CLwpfjQmJ7BJPNkxC/b9zXVZ5cr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e280d592e19c266f34fe8319e265a90c_JaffaCakes118
Files
e280d592e19c266f34fe8319e265a90c_JaffaCakes118.exe windows:5 windows x86 arch:x86
1ad09b2edef6c9c63914be084fc92c41
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrCmpNIA
PathFindFileNameW
PathRemoveFileSpecW
StrStrW
SHDeleteKeyA
PathMatchSpecW
PathCombineW
wvnsprintfA
PathFileExistsW
StrCmpNIW
wvnsprintfW
wnsprintfA
wnsprintfW
advapi32
CryptReleaseContext
CryptGetHashParam
RegQueryValueExA
DuplicateTokenEx
RegCloseKey
RegDeleteValueA
CryptCreateHash
Sections
.ynyhun Size: 36KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.klwf Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ututav Size: 5KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ