Static task
static1

Behavioral task
behavioral1
Sample: 41c3073af06983e55cde51c7cbff389c_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task
behavioral2
Sample: 41c3073af06983e55cde51c7cbff389c_JaffaCakes118.exe
Resource: win10v2004-20240508-en

General
Target: 41c3073af06983e55cde51c7cbff389c_JaffaCakes118
Size: 576KB
MD5: 41c3073af06983e55cde51c7cbff389c
SHA1: 634110f9b7d906b69061b23f12e94e1034f74a71
SHA256: 6a5a55353110604ed0c7802dfcdf3d6579881a001e5f6900e457c629533973a8
SHA512: d760ed63dacaa3f9262f76388ef923a277aa0fe3ce1ce51c66a90587b4b39a8f99a14cbd5109f7a8aa3bcd26c0e7341ad4576a321b3b93c11873a02ef0c4c252
SSDEEP: 12288:dzXUW4OANYmEwKXzLJKzh9u7iB3ta0PaYEX24oQxV9YQ+flJ:v4OAN1KXXUP0qa0Pap29AV9+dJ

Malware Config

Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource 41c3073af06983e55cde51c7cbff389c_JaffaCakes118

Files
41c3073af06983e55cde51c7cbff389c_JaffaCakes118.exe  windows:5  windows  x86  arch:x86
03d7ac49c1f30459ab61db0d23712583

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: H:\net\Frozen\comprises\GetPositio.pdb
Imports
kernel32:
  CreateFileW, FlushFileBuffers, LCMapStringW, GetStringTypeW, MultiByteToWideChar, SetStdHandle, RtlUnwind, HeapFree,
  HeapQueryInformation, HeapSize, HeapReAlloc, LoadLibraryW, OutputDebugStringW, WriteConsoleW, OutputDebugStringA, lstrlenA,
  GetCPInfo, GetOEMCP, GetACP, GetConsoleMode, GetConsoleCP, SetFilePointer, WriteFile, DeleteCriticalSection,
  GetFileType, InitializeCriticalSectionAndSpinCount, DeleteFileA, CloseHandle, GetModuleHandleA, GetSystemInfo, WriteConsoleA, LoadLibraryA,
  GetProcAddress, GetLastError, GetStdHandle, GetSystemDirectoryA, GetModuleFileNameW, ReadFile, HeapCreate, CreateEventA,
  FreeConsole, GetProcessHeap, Sleep, WaitForSingleObject, ReadConsoleA, HeapAlloc, AllocConsole, SetHandleCount,
  GetEnvironmentStringsW, WideCharToMultiByte, FreeEnvironmentStringsW, GetModuleFileNameA, RaiseException, ExitProcess, GetSystemTimeAsFileTime, GetCurrentProcessId,
  GetTickCount, QueryPerformanceCounter, IsProcessorFeaturePresent, LeaveCriticalSection, EnterCriticalSection, IsValidCodePage, CreateFileA, InterlockedDecrement,
  GetCommandLineA, HeapSetInformation, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent,
  DecodePointer, EncodePointer, HeapValidate, IsBadReadPtr, TlsAlloc, TlsGetValue, TlsSetValue, GetCurrentThreadId,
  TlsFree, GetModuleHandleW, InterlockedIncrement, SetLastError
user32:
  GetFocus, RegisterClassA, SetWindowRgn, GetWindowRect, SetCapture, LoadIconA, GetClientRect, SendMessageA,
  BeginPaint, GetDC, InvalidateRect, CreateWindowExA, ReleaseDC, GetDlgItem, DefWindowProcA, ShowWindow,
  SetWindowTextA, UpdateWindow, LoadCursorA, MonitorFromRect
gdi32:
  MoveToEx, LineTo, CreateFontIndirectA, DeleteObject, SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, CreatePen,
  GetObjectA, GetStockObject, CreateEllipticRgn
comdlg32:
  FindTextW
shell32:
  SHGetMalloc, SHGetDesktopFolder
ole32:
  CoInitialize
oleaut32:
  SysAllocString, SysFreeString
shlwapi:
  StrFormatByteSizeA, PathCompactPathA, PathFileExistsA
comctl32:
  ord17
snmpapi:
  SnmpUtilMemAlloc
Sections
.text    Size: 180KB - Virtual size: 180KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata   Size: 353KB - Virtual size: 353KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data    Size: 10KB - Virtual size: 17KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.kave    Size: 2KB - Virtual size: 2KB       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.toda    Size: 512B - Virtual size: 307B     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bidata  Size: 2KB - Virtual size: 2KB       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc    Size: 26KB - Virtual size: 25KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ