Static task: static1
Behavioral task: behavioral1
Sample: 4e38a3aa734865071f4edcdd5775be83_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 4e38a3aa734865071f4edcdd5775be83_JaffaCakes118
Size: 36KB
MD5: 4e38a3aa734865071f4edcdd5775be83
SHA1: f9580c3e42e44509b489f6508a4361bab5441fcd
SHA256: 94fcac614053ae8e8b8ee252916ae82f2cb4b1743ac2af8aeb316d680d67fb1b
SHA512: 0b97d63f0902dc37e9e6349fb26c83ca6e03d7817fa0a17d461648b43be68efca1eafd6a72329fa0b02f4cef1164df73c20d592db83aaa9e5bc6828c80f2f5f3
SSDEEP: 768:RZfOWJJAAiLfUkx2IM4fYwXC6HaYX8eCEdQHh907Q7DaG:Pr1ix2+fYyH3mEKHv01G
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4e38a3aa734865071f4edcdd5775be83_JaffaCakes118
Files
4e38a3aa734865071f4edcdd5775be83_JaffaCakes118.exe windows:10 windows x86 arch:x86
59c724a57fa4d2dfb57766dde1a57b2d
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_GUARD_CF
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
  GetModuleHandleA
  GetProcAddress
advapi32
  RegCloseKey
msvcrt
  exit
user32
  wsprintfW
ntdll
  RtlVerifyVersionInfo
version
  VerQueryValueW
mpr
  WNetGetLastErrorW
oleaut32
  VariantClear
ws2_32
  WSAGetLastError
framedynos
  ??0CHString@@QAE@XZ
dbghelp
  EnumerateLoadedModulesW64
shlwapi
  StrStrW
api-ms-win-core-com-l1-1-0
  CoTaskMemFree
sspicli
  GetUserNameExW
srvcli
  NetServerGetInfo
netutils
  NetApiBufferFree
Sections
.MPRESS1 Size: 29KB - Virtual size: 84KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE