Static task: static1
Behavioral task: behavioral1 (Sample: Z.20140262877339D2.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: Z.20140262877339D2.exe, Resource: win10v2004-20240426-en)
General
Target: 347adaa20574a047be6d065062904b1e_JaffaCakes118
Size: 629KB
MD5: 347adaa20574a047be6d065062904b1e
SHA1: 5541c7b23b3dd9dcc2fbf53c7fb366d6fc7f265e
SHA256: 97d9142777851f2b5f7d4e3f7a959b6a6a2a9a29f8c17e1a018ef77e3078a1f8
SHA512: 368756c059dcbd194a26ef62874d84d761b2cf1a05a48e2dca8837fb3e8da5ea676f3e5743062299b9258cabf4c96d7be6d9ed1458ec0489b456e4109d6cd909
SSDEEP: 12288:tvgb+x+vQhtMD3Fy/7Jl0b4eCuPG4/NL5uCWYncsV:wr1IUc1u9LZpnlV
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: unpack001/Z.20140262877339D2.com
Files
347adaa20574a047be6d065062904b1e_JaffaCakes118.zip
Z.20140262877339D2.com.exe windows:5 windows x86 arch:x86
a4c59f8399a53bb5c57d011baca5b971
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
rsaenh:
  CPDecrypt
  CPEncrypt
  CPCreateHash
  CPDeriveKey
kernel32:
  GetCurrentThreadId
  LoadLibraryW
  WriteConsoleA
  GetShortPathNameA
  CloseHandle
  HeapAlloc
  VirtualAlloc
  OpenFileMappingW
  CreateSemaphoreW
  LoadLibraryA
  CreateProcessW
  OpenMutexA
  lstrcmp
  FindClose
Sections
.text (Size: 5KB, Virtual size: 4KB):
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.ydata (Size: 661KB, Virtual size: 660KB):
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc (Size: 10KB, Virtual size: 9KB):
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE