Static task
static1
Behavioral task
behavioral1
Sample
f4a01e4c53534949f6ada2474f48ca13_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f4a01e4c53534949f6ada2474f48ca13_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target: f4a01e4c53534949f6ada2474f48ca13_JaffaCakes118
Size: 339KB
MD5: f4a01e4c53534949f6ada2474f48ca13
SHA1: e1fdfaa9ae9f15a69e9d7836ed761b6d1ece04c4
SHA256: 6d30a959eb137c00b2d5ecaabcc8eb383a29be6ea5d7f7ae8034150726bcf803
SHA512: 2af5c612b966dffbd1adef18fdb3c03c5adb34ff5ac14225ec8bf092d288687b7a152c0d6f3ed4688332a819eebebb5bca7a5f39a7001e174309bb3547e9603e
SSDEEP: 6144:l/uynavOvT94sBGcErTU7CWLlwA+WJwkMxmxdG9fI5E:l2MV79PBeE7zYexIhI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f4a01e4c53534949f6ada2474f48ca13_JaffaCakes118
Files
f4a01e4c53534949f6ada2474f48ca13_JaffaCakes118.exe windows:5 windows x86 arch:x86
982edeeb58477d608d179d01b9d1f90f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetLogicalDriveStringsA
TerminateProcess
GetModuleHandleW
WinExec
GlobalLock
GetSystemDefaultLCID
SetLastError
GetVersionExW
lstrlenW
GlobalUnlock
GlobalFree
IsDBCSLeadByte
GetACP
IsDBCSLeadByteEx
GetDriveTypeW
GlobalSize
GlobalReAlloc
GetFileSize
rpcrt4
MesDecodeBufferHandleCreate
Sections
.text Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 580B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 67KB - Virtual size: 807KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ