Static task: static1

Behavioral task: behavioral1
Sample: e6195ab2ae4670896da889cea7b34fbf_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: e6195ab2ae4670896da889cea7b34fbf_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: e6195ab2ae4670896da889cea7b34fbf_JaffaCakes118
Size: 86KB
MD5: e6195ab2ae4670896da889cea7b34fbf
SHA1: f162a0862e6ed649a7966a13b4b1bc876ebe8df0
SHA256: 1b15cc8ec2b087165e7b6f274c520b5a7cb4a065e69d025b49598e4274628afb
SHA512: 3bd9778ddf267a26e3fc1275ffcd912dd099e3ff5d718c3e4676bcdd766431d6b0d2a6d4a219ca5951e556f82ba4d9389b5bb99fcf63ac9a7f6e7a4927b09a06
SSDEEP: 1536:uqNKT7yMPPoIhz89F4zoMqUPDg02uvf1VnJGPzPtktWBaRDasm8Y:xIVPokzwkuUbfFffMPyW5IY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e6195ab2ae4670896da889cea7b34fbf_JaffaCakes118
Files
e6195ab2ae4670896da889cea7b34fbf_JaffaCakes118.exe windows:5 windows x86 arch:x86
8d4cc29ab9d6d5b92e1b2408fca222fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
QueryPerformanceCounter
QueryActCtxW
FindResourceW
GetLastError
GetSystemTimeAsFileTime
GetSystemInfo
SetInformationJobObject
Module32First
GetProcessAffinityMask
HeapCreate
RestoreLastError
EnumDateFormatsW
GetCurrentThreadId
_lwrite
FindActCtxSectionGuid
GetStartupInfoA
WriteProfileSectionA
ReplaceFileW
GetCurrentProcessId
CreateNamedPipeW
LoadLibraryA
WaitNamedPipeA
SetSystemTime
GetPrivateProfileIntW
SwitchToThread
GetCPInfoExA
GetLargestConsoleWindowSize
SetHandleInformation
UTRegister
GetLocaleInfoW
lstrcmp
LZRead
ReadConsoleInputExA
lstrcpyW
VirtualAlloc
GetPrivateProfileStructA
GetTickCount
SetCommTimeouts
crtdll
_strnset
exit
gets
wcschr
_mbsncat
_open_osfhandle
fclose
__pxcptinfoptrs
_wtol
_global_unwind2
_execve
_ltow
isxdigit
isdigit
_ultow
getenv
_y0
netapi32
NetUnjoinDomain
NetFileGetInfo
NetDfsManagerGetConfigInfo
NetAuditClear
DsRoleDnsNameToFlatName
NetErrorLogWrite
NetConfigSet
NetDfsRemoveFtRootForced
NetUserModalsSet
NetReplExportDirGetInfo
NetLocalGroupDel
DsGetDcNextA
RxNetAccessDel
NetUserAdd
I_NetLogonUasLogon
NetUserGetLocalGroups
NetDfsRemoveFtRoot
NetMessageNameDel
NetReplImportDirDel
NetpwPathCanonicalize
NetSessionGetInfo
NetLogonGetTimeServiceParentDomain
NetpGetConfigDword
I_NetlogonComputeServerDigest
NetShareDelSticky
ntdll
ZwNotifyChangeKey
RtlIpv4StringToAddressW
wcsstr
RtlIpv4AddressToStringW
RtlNtStatusToDosErrorNoTeb
RtlAddActionToRXact
ZwGetPlugPlayEvent
NtDuplicateObject
wcsncmp
NtQueryIntervalProfile
_ftol
RtlUpcaseUnicodeToMultiByteN
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlCreateTimer
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 400B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ