Static task
static1
Behavioral task
behavioral1
Sample
e2c9fb261ec2389cca2159520acd104c_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
e2c9fb261ec2389cca2159520acd104c_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
Target
e2c9fb261ec2389cca2159520acd104c_JaffaCakes118
Size
158KB
MD5
e2c9fb261ec2389cca2159520acd104c
SHA1
3a8456e6a89051861593a94a68e4f61fd87634ef
SHA256
6f71b74f9f2b4bd5b9225ce0fbcc98c41945e5888067fa662a676c940d6253dd
SHA512
3ac3e65be7d06c18645c73c28786eda064f7d81b026dafec93f78fe56d1275173b59d6bc4f7736d47ef1fa72cf16dfd8c12293649b82b4b27541380f72e592d6
SSDEEP
3072:Cxz7iZiW0kKGgJ1ZTiG3YAjXbnHsgC+AuO1FVfQgxOQKANhbh2t5dke:2lVGgJ1Z+MYsDMgCJuO1FVfQozKADb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e2c9fb261ec2389cca2159520acd104c_JaffaCakes118
Files
e2c9fb261ec2389cca2159520acd104c_JaffaCakes118.exe windows:4 windows x86 arch:x86
1177c5e9702dc4cf4bb01cd6a357610c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
shlwapi
PathCombineW
PathFileExistsW
advapi32
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
oleacc
LresultFromObject
CreateStdAccessibleObject
kernel32
lstrcpyA
GlobalFree
lstrcpyA
GlobalAlloc
InitializeCriticalSection
GetProcessId
FindClose
GetLastError
WideCharToMultiByte
OutputDebugStringW
MultiByteToWideChar
LockResource
EnumResourceNamesW
GetTickCount
GetCPInfo
CreateFileMappingW
FreeEnvironmentStringsW
lstrcmpiW
lstrlenW
lstrcpyW
GetACP
GetModuleHandleW
user32
CharNextW
CharUpperW
wsprintfW
PostThreadMessageW
SendMessageA
GetDC
GetMessageW
TranslateMessage
KillTimer
DispatchMessageW
SetTimer
UnregisterClassA
ole32
CoTaskMemFree
CoInitialize
CoCreateInstance
CoRevokeClassObject
CoTaskMemRealloc
StringFromGUID2
CoRegisterClassObject
CoTaskMemAlloc
CoUninitialize
StringFromCLSID
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.isete Size: 1024B - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ