Exception
Static task: static1
Behavioral task: behavioral1
  Sample: 2da7755f33d19be8ca3676ea9456b520_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2da7755f33d19be8ca3676ea9456b520_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
- Target: 2da7755f33d19be8ca3676ea9456b520_JaffaCakes118
- Size: 457KB
- MD5: 2da7755f33d19be8ca3676ea9456b520
- SHA1: 649c69abf84fb860f0ea0e3bba69ec1efac264aa
- SHA256: c09ff2b5c526d2d2065f3a160d4da7b6f11d96fb7703fabfd8d582e52adb9052
- SHA512: d13401fd2080c3dd8e75ff6d573fb9b52e9a629551a4e2ed95986ef90661cc454bd6aa0a9ebb70b7289bd580da569ab0dcf3800ce49938067849db6a95b8d687
- SSDEEP: 12288:SgiAsjg94BQXSyhPy2gGJ1wTYQx9T7vymGNH:XiAMg94BQXSykLGJ1MYFNH
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Processes: resource 2da7755f33d19be8ca3676ea9456b520_JaffaCakes118
Files
-
2da7755f33d19be8ca3676ea9456b520_JaffaCakes118.exe windows:6 windows x86 arch:x86
f8021ebdd31c4454718619ccecb068cc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
OutputDebugStringW
VirtualQuery
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
SetStdHandle
CreateFileW
GetModuleHandleA
DeleteFileA
CreateFileA
GetCurrentDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetEnvironmentVariableA
GetStartupInfoA
CreateProcessA
CreateEventA
lstrlenA
CloseHandle
WaitForSingleObject
SetFilePointerEx
ReadConsoleW
GetConsoleMode
ReadFile
HeapSize
GetCurrentThreadId
GetProcessHeap
GetCPInfo
GetOEMCP
SetLastError
GetLastError
GetACP
IsValidCodePage
LoadLibraryExW
WriteFile
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
IsDebuggerPresent
DeleteCriticalSection
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
user32
DrawIconEx
GetDlgItem
TrackPopupMenu
UpdateWindow
GetDC
DrawFrameControl
CallWindowProcA
GetWindowDC
ReleaseDC
InvalidateRect
ScrollWindow
SetWindowTextA
GetClientRect
GetWindowRect
GetCursorPos
FillRect
GetDesktopWindow
GetScrollInfo
SetScrollInfo
GetParent
CreateWindowExA
gdi32
CreateBitmap
GetPixel
TextOutA
GetObjectA
StrokePath
EndPath
BeginPath
SetBkColor
SelectObject
PatBlt
GetTextExtentPoint32A
GetStockObject
CreateCompatibleBitmap
DescribePixelFormat
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
advapi32
GetTokenInformation
SetEntriesInAclA
OpenProcessToken
shell32
ShellExecuteA
Shell_NotifyIconA
ExtractIconExA
oleaut32
SafeArrayCreate
OleTranslateColor
netapi32
NetApiBufferFree
NetServerEnum
comctl32
ord17
pdh
PdhOpenQueryA
gdiplus
GdipFillPath
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipAddPathEllipseI
GdipCreatePath
GdipDeletePath
GdipAddPathRectangleI
GdipDrawPath
imm32
ImmGetDefaultIMEWnd
tapi32
lineOpenA
lineAddToConference
lineParkA
linePickupA
linePrepareAddToConferenceA
lineProxyMessage
lineNegotiateExtVersion
Exports
Sections
.text Size: 221KB - Virtual size: 221KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ