Static task: static1
Behavioral task: behavioral1
  Sample: f0badb4014d0e5a24ffbf4fcf269eb88_JaffaCakes118.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: f0badb4014d0e5a24ffbf4fcf269eb88_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
  Target: f0badb4014d0e5a24ffbf4fcf269eb88_JaffaCakes118
  Size: 606KB
  MD5: f0badb4014d0e5a24ffbf4fcf269eb88
  SHA1: e5f1633464f46d4d0aebb9e222d5883a4ceff3cf
  SHA256: c01e5aaf7540b2117aabcbce7d07c18b89c1d86ff5e0e34d5422f3cd35a738a2
  SHA512: af6c06dfbfd402cf1f5d475bf2a84c0ac4a1f1df60b56e95a533d77e770bfc6fa05bf80fd32d71f48c4afb99c05bb621a69e801be04eb7da86f483c65a8bf1b8
  SSDEEP: 12288:2OXXLhhs2XAFjgYZaOEOAHhly6T6ebnpSXVnf0U0SJvoqnuUD:ryTAVTVpu30SJvo+uU
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: f0badb4014d0e5a24ffbf4fcf269eb88_JaffaCakes118
Files
  f0badb4014d0e5a24ffbf4fcf269eb88_JaffaCakes118.exe  windows:5 windows x86 arch:x86
    7cc6234f530360ee10fba1cd1e2527e1
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  ntdll: strcmp, _stricmp, _vsnprintf, strtoul, memmove, isspace, NtQueryVirtualMemory, RtlUnwind, _strnicmp, wcsncat,
    tolower, _wcsicmp, atol, memcmp, isprint, memcpy, _wcsnicmp, wcslen, wcsstr, strncmp, strstr, isdigit, memset,
    _chkstk, strcpy, strncpy, atoi, strchr, strlen
  kernel32: InterlockedIncrement, CreateThread, CloseHandle, TerminateThread, GetCurrentThread, ExpandEnvironmentStringsW,
    GetModuleHandleA, OpenThread, GetProcAddress, Module32NextW, Module32FirstW, CreateToolhelp32Snapshot, LoadLibraryA,
    GetVersionExW, GetLastError, GetCurrentProcess, OpenProcess, TerminateProcess, lstrcmpW, GetCurrentProcessId, Sleep,
    lstrcpyW, Process32NextW, Thread32Next, Thread32First, Process32FirstW, lstrcpynA, lstrlenA, DeleteFileW, FindClose,
    FindNextFileW, FindFirstFileW, GetPrivateProfileStringW, GetPrivateProfileIntW, lstrcpyA, lstrcatA,
    ExpandEnvironmentStringsA, GetFileAttributesW, SetFileAttributesW, CreateDirectoryW, ExitProcess, GetTickCount,
    lstrlenW, SetLastError, lstrcatW, lstrcpynW, InitializeCriticalSection, CreateEventW, WaitForSingleObject, SetEvent,
    DeleteCriticalSection, InterlockedDecrement, EnterCriticalSection, TryEnterCriticalSection, ExitThread,
    GetModuleHandleW, ResetEvent, HeapReAlloc, HeapAlloc, GetProcessHeap, HeapFree, ResumeThread, CreateProcessW,
    CreateFileW, FindNextFileA, CopyFileA, lstrcmpA, FindFirstFileA, WriteFile, SetFilePointer, SetEndOfFile, ReadFile,
    GetFileSize, CreateFileA, ReadProcessMemory, CreateRemoteThread, lstrcmpiW, GetModuleFileNameW, VirtualQuery,
    VirtualFreeEx, VirtualAllocEx, Process32Next, Process32First, DeviceIoControl, LocalFree, ReleaseMutex, OpenMutexW,
    CreateMutexW, LocalAlloc, CopyFileW, RemoveDirectoryW, LoadLibraryW, IsWow64Process, DuplicateHandle,
    GetNativeSystemInfo, UnregisterWait, VirtualProtectEx, VirtualAlloc, GetProcessHandleCount, VirtualQueryEx,
    VirtualFree, QueryPerformanceCounter, GetProcessTimes, WideCharToMultiByte, CreateEventA, RegisterWaitForSingleObject,
    OpenEventA, CreateMutexA, QueryPerformanceFrequency, GetVersionExA, WriteProcessMemory, GlobalFindAtomW,
    LeaveCriticalSection
  shlwapi: PathCombineA, StrChrA
  psapi: GetModuleFileNameExW
  ws2_32: WSAGetLastError, WSAStringToAddressW, setsockopt, WSAIoctl, shutdown, WSASetLastError, WSACleanup, getpeername,
    inet_addr, gethostname, getsockopt, inet_pton, __WSAFDIsSet, recv, send, WSAStartup, select, ioctlsocket, getaddrinfo,
    freeaddrinfo, listen, gethostbyname, socket, htons, htonl, closesocket, ntohs, inet_ntoa, getsockname, accept,
    connect, recvfrom, bind, sendto
  user32: GetWindowThreadProcessId, IsWindow, SetWindowsHookExA, CharNextA, PostThreadMessageW, CallNextHookEx, ToAscii,
    MapVirtualKeyW, GetWindowTextA, GetForegroundWindow, UnhookWindowsHookEx, DispatchMessageW, TranslateMessage,
    GetMessageW
  advapi32: GetSidSubAuthorityCount, OpenProcessToken, EqualSid, RegCloseKey, RegSetValueExA, RegOpenKeyExA,
    RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExA, AdjustTokenPrivileges,
    LookupPrivilegeValueW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, ConvertSidToStringSidA,
    RegNotifyChangeKeyValue, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, InitializeSecurityDescriptor,
    GetSidSubAuthority, InitializeSid, GetSidLengthRequired, GetTokenInformation
  shell32: SHFileOperationW, SHGetFolderPathW, SHGetFolderPathAndSubDirW, SHGetFolderPathA
  ole32: CoCreateGuid, StringFromGUID2
Sections
  .text   Size: 214KB - Virtual size: 213KB    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 317KB - Virtual size: 317KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 17KB - Virtual size: 80.2MB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .reloc  Size: 57KB - Virtual size: 56KB      IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ