e:\9\Similar\7\82\Listen\22\17\2\Sleep\92\toward\39\89\live.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 0e3d9982ef71756615d59ccd5d05abbe_JaffaCakes118.dll
Resource: win7-20240220-en
General
- Target: 0e3d9982ef71756615d59ccd5d05abbe_JaffaCakes118
- Size: 406KB
- MD5: 0e3d9982ef71756615d59ccd5d05abbe
- SHA1: c089fb31acf2284b4c33df45696b3750d98ae19c
- SHA256: 89e881e0beb8adc93f3b45e835e68355e855d951a44d18153b7f042989b353e0
- SHA512: 241b56a8fe6af00d80d4757522eefbc9e135e878b938b8eca4b8be6aae9411629d7687e1f476e8cd7a0957d6f1fce59fc9726011185e702dc0d5c501c1457a3a
- SSDEEP: 6144:MU/OLpMfgR6vtVIgyPFiChgkX7WOMeLpebnZgUe4A29pNwz:MU/OLCfvLqPACIeoFa4A29Dwz
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Processes: resource 0e3d9982ef71756615d59ccd5d05abbe_JaffaCakes118
Files
-
0e3d9982ef71756615d59ccd5d05abbe_JaffaCakes118.dll windows:6 windows x86 arch:x86
c6999771217f1216d96e792ac4717a66
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
VirtualProtectEx
Sleep
TlsAlloc
TlsSetValue
GetModuleFileNameA
GetModuleHandleA
GetEnvironmentVariableA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
RemoveDirectoryA
CloseHandle
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
EncodePointer
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetStdHandle
GetFileType
WriteConsoleW
HeapAlloc
HeapValidate
GetSystemInfo
ExitProcess
WriteFile
OutputDebugStringW
LCMapStringW
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetProcessHeap
CreateFileW
msacm32
acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamMessage
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen
acmFilterChooseA
acmFilterEnumA
acmFilterDetailsA
acmFilterTagEnumA
acmFilterTagDetailsA
acmFormatChooseA
acmFormatSuggest
acmFormatEnumA
acmFormatDetailsA
acmFormatTagEnumA
acmFormatTagDetailsA
acmDriverPriority
acmDriverOpen
acmDriverRemove
acmMetrics
acmGetVersion
Exports
Joinmy
Soldiertriangle
Yellowsaid
Sections
.text Size: 381KB - Virtual size: 381KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 349KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ