C:\Users\danilo\Desktop\RL\WarFace BR\WF_Inject\Release\WF_Inject.pdb
Behavioral task
behavioral1
Sample
352ed817adf1e66506c3a192b6e8dd73_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
352ed817adf1e66506c3a192b6e8dd73_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: 352ed817adf1e66506c3a192b6e8dd73_JaffaCakes118
Size: 772KB
MD5: 352ed817adf1e66506c3a192b6e8dd73
SHA1: 0ba2ae1b64b61ae50f4f02c282dec0166c7b000a
SHA256: 026154fb0e3b7af42ed933b819b143e18909c9981d720d47c8c50d2723b00e1f
SHA512: 29f5a534223e21a3c4620fe25f7cf32ca9f40ea7a2880155ce5621422a6ef9b8b960238395a826dc547c68c9ba47713736a0202a6d0bb49d2612dfacb184fc35
SSDEEP: 12288:+VfgBtSzn4Zsd3IX6Xj5YegCgTjDI9eeahc163L+g3/p/hrPt8GCowXskA:+VYSz7U6tLgC2PAee11IL1RhTmGCFcf
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 352ed817adf1e66506c3a192b6e8dd73_JaffaCakes118
Files
-
352ed817adf1e66506c3a192b6e8dd73_JaffaCakes118.exe windows:5 windows x86 arch:x86
9996a8a316af821a96d546a11253803d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateRemoteThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
MessageBoxW
advapi32
AdjustTokenPrivileges
msvcr100
_lock
Exports
Sections
.text Size: - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 750KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 770KB - Virtual size: 769KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 445B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ