Static task: static1
Behavioral task: behavioral1
  Sample: 5b79fe24b2a999bb7c4e2bd7094261e4_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 5b79fe24b2a999bb7c4e2bd7094261e4_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 5b79fe24b2a999bb7c4e2bd7094261e4_JaffaCakes118
Size: 101KB
MD5: 5b79fe24b2a999bb7c4e2bd7094261e4
SHA1: af38ad4ea6b289c4dc809d3244cbec13b4ca6f0d
SHA256: f3d771227203f5af9167a4a6aea5b9b4814c81e2493a5e8b048f91f13ead459d
SHA512: c432824faa4548ca1971502ff8832256eedcfb63ce4c907743f3f18ad4e5614c5f4137990248186134418c2472b0a58eda47bf38398af64c05cecd6ba80a6bce
SSDEEP: 1536:C3tshpTqHvDyMQ0cKxVlATYPE6/RSIfQOlfUbTwvWBVpt8YoUu3eKAsy:C3OlKxETcE6JnfQOlfWTwvapBo1ha
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 5b79fe24b2a999bb7c4e2bd7094261e4_JaffaCakes118
Files
5b79fe24b2a999bb7c4e2bd7094261e4_JaffaCakes118.exe  windows:5  windows x64  arch:x64
84c8a5c33cb5a52122f9ced733eb1f5f
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE
Imports
kernel32
CreateThread
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleA
IsBadReadPtr
VirtualAllocEx
GetEnvironmentVariableW
CreateProcessW
GetComputerNameA
GetDriveTypeW
FreeLibrary
GetLogicalDrives
GetExitCodeThread
LocalFree
WideCharToMultiByte
MultiByteToWideChar
CreateMutexW
OpenMutexW
ReleaseMutex
SetLastError
SystemTimeToFileTime
GetSystemTime
GetVolumeNameForVolumeMountPointW
LoadLibraryW
SetFileAttributesW
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindClose
VirtualAlloc
GetTempPathW
ReadFile
WriteFile
VirtualFree
FindFirstFileW
GetFileSize
GetLastError
GetTickCount
CreateFileW
SetEvent
CreateDirectoryW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
CreateRemoteThread
CloseHandle
GetProcAddress
SetThreadPriority
GetFileAttributesW
GetCurrentThread
WriteProcessMemory
GetCurrentProcessId
DuplicateHandle
CreateEventW
GetModuleFileNameW
Sleep
VirtualFreeEx
GetModuleHandleW
WaitForSingleObject
SetFilePointer
ExitProcess
user32
CharToOemW
advapi32
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RevertToSelf
ImpersonateSelf
GetFileSecurityW
AccessCheck
MapGenericMask
OpenThreadToken
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
CryptGetHashParam
GetLengthSid
shlwapi
PathSkipRootW
PathMatchSpecW
PathFindExtensionW
PathAppendW
PathStripPathW
SHDeleteValueW
StrCmpNIW
wvnsprintfA
PathAddBackslashW
PathAddExtensionW
PathCombineW
PathRemoveBackslashW
PathUnquoteSpacesW
PathRemoveFileSpecW
wvnsprintfW
ole32
StringFromGUID2
CLSIDFromString
shell32
SHGetFolderPathW
ShellExecuteW
crypt32
CryptStringToBinaryW
CryptDecodeObjectEx
wininet
InternetCrackUrlA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetQueryOptionA
Sections
.text   Size: 39KB   Virtual size: 39KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 23KB   Virtual size: 22KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 1024B  Virtual size: 6KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 1KB    Virtual size: 1KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 1KB    Virtual size: 1KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ