Static task
static1
Behavioral task
behavioral1
Sample
e2c5b227b63fdcb06b7ed7e6b1ef453d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e2c5b227b63fdcb06b7ed7e6b1ef453d_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
Target: e2c5b227b63fdcb06b7ed7e6b1ef453d_JaffaCakes118
Size: 207KB
MD5: e2c5b227b63fdcb06b7ed7e6b1ef453d
SHA1: 5d082a6dd013b03e3cb2645813220bd8cfe221a6
SHA256: 3a8b0c66b39809faeca7d8e618b88e15bf0ad5cceea7799ab93034127834280a
SHA512: ca5bae235c5896f538a5a3d49ed30d90940bcc509155aab10dabfcf37e78e9dd8f8cd33ef65d1ec8ddd06ff7400a38dc61bd8aea973db793c9c1d265bbc24669
SSDEEP: 6144:dyDhODiJ4hfV4uRxnwei8ej0EJfhs+5kKFVBfKKnsl:dymx4uR9JejNt+4VB1e
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e2c5b227b63fdcb06b7ed7e6b1ef453d_JaffaCakes118
Files
e2c5b227b63fdcb06b7ed7e6b1ef453d_JaffaCakes118.exe windows:4 windows x86 arch:x86
d17904be40454b82c6a8976bd0603613
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileA
FindVolumeClose
CreateFileA
WaitForSingleObject
ExitProcess
GetCurrentDirectoryA
SetFileAttributesA
SetEndOfFile
EnterCriticalSection
ResetEvent
VirtualAlloc
HeapSize
GetTickCount
GetFileSize
GetStartupInfoW
CloseHandle
GetCommandLineA
HeapDestroy
ResumeThread
FindAtomA
FindVolumeClose
ReleaseMutex
GetEnvironmentVariableA
IsBadCodePtr
GetModuleHandleA
wininet
FtpDeleteFileA
FtpGetFileW
FindCloseUrlCache
FtpCreateDirectoryW
DeleteUrlCacheEntryA
HttpQueryInfoA
DeleteUrlCacheEntryA
HttpEndRequestA
FtpPutFileA
FtpOpenFileA
FtpFindFirstFileA
DeleteUrlCacheEntryA
FtpGetCurrentDirectoryW
sisbkup
SisRestoredLink
SisRestoredLink
SisRestoredLink
SisRestoredLink
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 200KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ