Static task
static1
Behavioral task
behavioral1
Sample
6058db89a4f5614808a8e1a7ac77caab_JaffaCakes118.exe
Resource
win7-20240419-en
General
Target
6058db89a4f5614808a8e1a7ac77caab_JaffaCakes118
Size
212KB
MD5
6058db89a4f5614808a8e1a7ac77caab
SHA1
c1f726a5a96ef80fcdba7e60a64770f0802a8b0b
SHA256
766e7abb4b88bebb9923b9657a446a0bb6be847d5d4c4be046ed248b9136626d
SHA512
e74d635e2b26d7fc00419f8c747c84ddc9e3f8dfebaa8b60e6d4d187de930883c7e303fa400051a50bc2fb5ecf9ff5c3c48e9c6b9b404418529ddc84370620e5
SSDEEP
3072:tpBIXcL1Iy+6Ak9lN5hnY7CQJPQTTlO9rlHSzQlufVWeoZgPU05kAv1emq4rOS:tXL1Z+l8RRQRyTA95SjWerd5OkO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6058db89a4f5614808a8e1a7ac77caab_JaffaCakes118
Files
6058db89a4f5614808a8e1a7ac77caab_JaffaCakes118.exe windows:5 windows x86 arch:x86
d7dda0022b780c9900002deff1c436ab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DosDateTimeToFileTime
GlobalAlloc
FreeEnvironmentStringsW
CreateEventW
InterlockedIncrement
GetOverlappedResult
RegisterWaitForSingleObjectEx
ExpandEnvironmentStringsA
GetProcessHeap
VirtualQuery
lstrcpynW
GetLogicalDriveStringsW
ZombifyActCtx
SetProcessWorkingSetSize
GlobalFree
CreateActCtxW
GetStringTypeExW
SetEvent
LockFile
GetCommandLineW
PurgeComm
VirtualProtect
GetCommTimeouts
UpdateResourceW
_lwrite
SetThreadPriority
lstrlenA
EnumDateFormatsExW
GetCPInfo
InitializeCriticalSection
InterlockedCompareExchange
SizeofResource
DeleteFileA
CreateFileA
GlobalWire
EnumDateFormatsW
lstrcmpiA
AllocConsole
SetDefaultCommConfigW
FlushFileBuffers
GetLocalTime
GetCurrentThread
AddConsoleAliasW
DnsHostnameToComputerNameA
GetProfileSectionW
FileTimeToDosDateTime
ReplaceFileW
QueryMemoryResourceNotification
GetLastError
GetSystemWindowsDirectoryA
OpenJobObjectW
TerminateProcess
GetCurrentDirectoryA
GetCommModemStatus
ChangeTimerQueueTimer
GetVersionExA
SetEnvironmentVariableA
FindFirstChangeNotificationW
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
user32
GetCaretPos
advapi32
GetPrivateObjectSecurity
AddAuditAccessAceEx
RegSaveKeyW
DeleteService
OpenServiceW
LookupAccountSidW
InitializeAcl
EnumDependentServicesW
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateNamedPipeClient
SetPrivateObjectSecurity
DuplicateTokenEx
RegQueryInfoKeyW
GetSidSubAuthority
SetServiceStatus
GetSidLengthRequired
RegDeleteValueA
GetAclInformation
ClearEventLogW
AreAllAccessesGranted
GetKernelObjectSecurity
OpenProcessToken
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 137KB - Virtual size: 205KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ