Static task: static1

Behavioral task: behavioral1
  Sample: eb0ce6e006cfd661632fb5cdff9591b0_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: eb0ce6e006cfd661632fb5cdff9591b0_JaffaCakes118.exe
  Resource: win10v2004-20240226-en

General
  Target: eb0ce6e006cfd661632fb5cdff9591b0_JaffaCakes118
  Size: 138KB
  MD5: eb0ce6e006cfd661632fb5cdff9591b0
  SHA1: 5b8aa5a0457dee466f0afb6478cb2047ff4f37b4
  SHA256: 8846fd82164d5f6e02a9b43e196b585b0484dab271170587508356d539324786
  SHA512: d60391c73d3e5b0e4967797506cba0f06c496f868c38180856feed8f7a42ecacb282d4231f50c6393aaf56f621667994a3f519cfee02b358f4f891e5db1bc5ca
  SSDEEP: 1536:RdRSTXjTH4WcqtBYytWBao5+8NDJz52JRlcVuGXgWxiLm2iLuuMfhPOP4xIsV7pb:bevDDtOytWBHD+1SghLNVT7FG5Hqm

Malware Config

Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: eb0ce6e006cfd661632fb5cdff9591b0_JaffaCakes118

Files
  eb0ce6e006cfd661632fb5cdff9591b0_JaffaCakes118.exe  windows:5 windows x86 arch:x86
  bf668705b5e9b00821675799a17316f8

  Headers
    DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

  PDB Paths
    F:\ccc\傀儡进程\wwww\Win32Project1.pdb  (the directory name 傀儡进程 is Chinese for "puppet process")

  Imports
    kernel32: Process32First, GetVolumeInformationA, Sleep, Process32Next, CreateToolhelp32Snapshot, LocalFree,
      GetCurrentProcessId, CloseHandle, LockResource, GetLastError, MultiByteToWideChar, SizeofResource,
      WideCharToMultiByte, FindResourceExA, OpenProcess, GetProcessHeap, HeapFree, GetCurrentProcess,
      InterlockedDecrement, HeapAlloc, LoadResource, CreateFileA, GetLocaleInfoW, WriteConsoleW,
      GetConsoleOutputCP, WriteConsoleA, SetStdHandle, FlushFileBuffers, LoadLibraryA, IsValidLocale,
      EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, lstrlenA, FindResourceA, GetStringTypeW,
      RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection,
      DeleteCriticalSection, HeapDestroy, HeapReAlloc, HeapSize, GetSystemTimeAsFileTime, GetStartupInfoW,
      RtlUnwind, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent,
      HeapCreate, VirtualFree, VirtualAlloc, GetModuleHandleW, GetProcAddress, TlsGetValue, TlsAlloc,
      TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, GetCPInfo, GetACP,
      GetOEMCP, IsValidCodePage, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA,
      GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount,
      GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetModuleHandleA,
      InitializeCriticalSectionAndSpinCount, SetFilePointer, GetConsoleCP, GetConsoleMode, LCMapStringA,
      LCMapStringW, GetStringTypeA
    user32: wsprintfA
    advapi32: RegQueryValueExA, SetEntriesInAclA, GetNamedSecurityInfoA, RegCloseKey, AdjustTokenPrivileges,
      RegEnumKeyA, BuildExplicitAccessWithNameA, RegOpenKeyExA, LookupPrivilegeValueA, RegCreateKeyA,
      SetNamedSecurityInfoA, RegSetValueExA, LookupAccountNameA, OpenProcessToken
    ole32: CoSetProxyBlanket, CoInitializeEx, CoUninitialize, CoInitializeSecurity, CoCreateInstance
    oleaut32: SysAllocString, SafeArrayGetUBound, SysFreeString, SafeArrayLock, SysAllocStringLen, VariantInit,
      SafeArrayCreate, SafeArrayUnlock, SafeArrayDestroy, VariantClear, SafeArrayGetLBound
    iphlpapi: GetNetworkParams
    wininet: InternetSetOptionA

  Sections
    .text   Size: 104KB  Virtual size: 104KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata  Size: 19KB   Virtual size: 19KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data   Size: 5KB    Virtual size: 12KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc   Size: 512B   Virtual size: 436B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc  Size: 8KB    Virtual size: 7KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ