Static task
static1
Behavioral task
behavioral1
Sample
ed1fa87c7d82ccdbe48b51cb85386ada_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
ed1fa87c7d82ccdbe48b51cb85386ada_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
Target: ed1fa87c7d82ccdbe48b51cb85386ada_JaffaCakes118
Size: 559KB
MD5: ed1fa87c7d82ccdbe48b51cb85386ada
SHA1: 079a5b1f40dc494e16b203f9672e47ac5ecb162f
SHA256: 728a0cbe8de6e2308174bf06ee10b1610cb1861ba530d6722f515bbf59ffd174
SHA512: 4961314cabb397125dace738c57a71b64fb355ca80e52eb5e53676743f0d5bd1c890c162f525a81ad2a12b243cfdcbc5235f4f93dd9f4e2e24165b596d739659
SSDEEP: 6144:pa9IWp1Xj5ocdxsbl/4Lbr8y9z2Hr8IkgBbi2QeLBlFV1tCgaojpsXv2SPfOPlY:TWTj5nw1E79Wr8IneLkBbttm2S3y
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ed1fa87c7d82ccdbe48b51cb85386ada_JaffaCakes118
Files
ed1fa87c7d82ccdbe48b51cb85386ada_JaffaCakes118.exe windows:4 windows x86 arch:x86
4c2e26e3a1abe313aea95d441f88d365
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
InitiateSystemShutdownA
CryptDuplicateHash
CryptExportKey
CryptHashData
LookupAccountSidA
CryptAcquireContextA
ReportEventA
LookupPrivilegeNameA
CryptGetProvParam
CryptGetUserKey
CryptSignHashA
InitializeSecurityDescriptor
RegQueryValueExA
RegQueryInfoKeyA
CryptGenRandom
comctl32
InitCommonControlsEx
shell32
SHGetSpecialFolderPathW
SHFormatDrive
ExtractIconExA
DuplicateIcon
wininet
HttpSendRequestExA
FindNextUrlCacheEntryExW
GopherGetLocatorTypeA
user32
GetUpdateRect
GetWindowLongA
SetDebugErrorLevel
ScrollWindow
GetComboBoxInfo
CheckMenuRadioItem
SetCapture
GetDesktopWindow
DrawFrameControl
GetClipboardSequenceNumber
GetNextDlgTabItem
TrackPopupMenuEx
RegisterClassA
RegisterClassExA
SetWindowPos
DdeReconnect
FrameRect
PostThreadMessageA
MapVirtualKeyExA
InsertMenuItemW
GetPropW
GetWindowTextLengthA
GetKeyboardLayout
CharNextA
DlgDirListComboBoxW
DialogBoxParamW
DdeConnect
kernel32
GetLocaleInfoA
GetProcAddress
WriteProfileStringA
FreeEnvironmentStringsA
GetOEMCP
HeapReAlloc
GetProcAddress
GetTimeZoneInformation
GlobalAddAtomA
GetStdHandle
VirtualAlloc
UnhandledExceptionFilter
SetComputerNameA
GetModuleHandleA
CreateMutexA
IsBadWritePtr
TlsGetValue
IsValidCodePage
EnumDateFormatsExA
LCMapStringW
GetStringTypeA
HeapFree
lstrcat
HeapCreate
GetUserDefaultLCID
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GetPrivateProfileStringW
CompareStringA
GetCurrentProcess
HeapDestroy
SetFilePointer
GetDateFormatA
InterlockedExchange
VirtualProtectEx
VirtualProtect
GetUserDefaultLangID
GetSystemInfo
GetLastError
GetEnvironmentStringsW
CloseHandle
GetTickCount
GetCurrentThread
EnterCriticalSection
GetCommandLineA
CreateRemoteThread
OpenMutexA
TlsAlloc
OpenWaitableTimerW
GetNumberFormatA
TlsFree
FlushInstructionCache
GetStringTypeW
SetEnvironmentVariableW
GetStartupInfoA
GetACP
GetEnvironmentStrings
SetStdHandle
WideCharToMultiByte
GetLocaleInfoW
CreateProcessA
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetEnvironmentVariableA
LeaveCriticalSection
GetCurrentThreadId
MultiByteToWideChar
SetHandleCount
TerminateProcess
RtlUnwind
ExitProcess
GetCPInfo
EnumResourceTypesA
FreeEnvironmentStringsW
GetSystemDefaultLCID
InitializeCriticalSection
SetLastError
FillConsoleOutputCharacterA
GetFileType
HeapSize
HeapAlloc
VirtualFree
LCMapStringA
VirtualQuery
GetTimeFormatA
FlushFileBuffers
FoldStringW
EnumSystemLocalesA
SetConsoleOutputCP
WriteConsoleInputW
TlsSetValue
WriteFile
ReadFile
GetModuleFileNameA
CompareStringW
DeleteCriticalSection
SetConsoleCursorPosition
IsValidLocale
Sections
.text Size: 219KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 316KB - Virtual size: 316KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ