Behavioral task
behavioral1
Sample
61ee3ec38bee1aff69a3fc4c568b42a8_JaffaCakes118.exe
Resource
win7-20240508-en
General
-
Target
61ee3ec38bee1aff69a3fc4c568b42a8_JaffaCakes118
-
Size
152KB
-
MD5
61ee3ec38bee1aff69a3fc4c568b42a8
-
SHA1
94798cd58c4b720d390afdde9518f8429e86e5d3
-
SHA256
9736a79308b004889cde2fcd8d6912964ca67075c126c049378b438dcee77c83
-
SHA512
604d1cb9e919c7a5158b345ae02c247dc3790dbe3e2a3824debf2e96e2e9ec8973414e0dee01d029fd49f084edea9054c83a917bf41fd5211557a749d18267ce
-
SSDEEP
3072:C9mQrWSB/WM+dCB+IF1G6sT11I0EDAUQ+iU2r2dwat3v:C9USBOMNBNF1cxy0EDAUQ+iU2r2Gev
Malware Config
Extracted
gootkit
8888
sslsecurehost.com
securessl256.com
-
vendor_id
8888
Signatures
-
Gootkit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 61ee3ec38bee1aff69a3fc4c568b42a8_JaffaCakes118
Files
-
61ee3ec38bee1aff69a3fc4c568b42a8_JaffaCakes118.exe windows:5 windows x86 arch:x86
cec901dd4cece3a5835f751a49aba900
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrCpyW
StrCmpIW
StrCpyNW
StrCmpW
StrStrIW
StrRChrW
StrDupW
PathMatchSpecW
StrStrA
StrCatW
PathFindFileNameW
psapi
GetProcessImageFileNameA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
GetProfilesDirectoryW
ws2_32
WSAStartup
socket
inet_addr
closesocket
gethostbyname
bind
ntohs
winhttp
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
kernel32
GetFileAttributesW
lstrcmpW
VirtualProtect
GetExitCodeProcess
FindClose
MapViewOfFile
CreateFileMappingW
OpenMutexW
CreateMutexW
SetErrorMode
GetCommandLineW
GetModuleHandleExA
GetModuleFileNameA
GetFileTime
GetSystemTime
SystemTimeToFileTime
GetFileSize
DeleteFileW
LocalAlloc
SetEndOfFile
SetFileTime
RemoveDirectoryW
WriteFile
CreateEventA
GlobalMemoryStatusEx
SetEnvironmentVariableA
GetSystemInfo
TerminateThread
GetSystemDirectoryW
GetEnvironmentVariableA
HeapFree
GetCurrentProcess
lstrlenW
lstrlenA
GetModuleHandleA
GetVersion
GetLastError
CloseHandle
HeapAlloc
GetProcAddress
GetComputerNameW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
lstrcpyW
GetTickCount
GetComputerNameA
lstrcmpA
Sleep
LoadLibraryA
WriteProcessMemory
SetLastError
ExpandEnvironmentStringsW
TerminateProcess
WaitForSingleObject
ResumeThread
GetExitCodeThread
lstrcatW
GetThreadContext
ReadProcessMemory
CreateProcessW
CreateRemoteThread
IsBadReadPtr
GetShortPathNameW
CreateFileW
VirtualFree
VirtualAlloc
lstrcpyA
HeapReAlloc
GlobalFree
GlobalAlloc
LocalFree
OpenProcess
MultiByteToWideChar
GetLogicalDrives
WaitForMultipleObjects
DeleteAtom
GetCurrentThreadId
IsSystemResumeAutomatic
ExitThread
GetCommandLineA
ProcessIdToSessionId
CreateThread
FindAtomW
FindNextFileW
ReadFile
GetModuleFileNameW
SetFilePointer
lstrcmpiA
ExitProcess
SetEvent
FindFirstFileW
SetEnvironmentVariableW
user32
CreatePopupMenu
ExitWindowsEx
GetCapture
ReleaseCapture
GetClipboardOwner
wsprintfA
GetActiveWindow
CountClipboardFormats
GetProcessWindowStation
GetMessagePos
GetDesktopWindow
wsprintfW
GetClipboardViewer
GetInputState
GetShellWindow
CreateMenu
GetCaretBlinkTime
GetClipboardSequenceNumber
DestroyCaret
GetForegroundWindow
GetKBCodePage
GetDoubleClickTime
CloseClipboard
GetMenuCheckMarkDimensions
GetCursor
GetOpenClipboardWindow
GetFocus
GetMessageExtraInfo
GetMessageTime
GetDialogBaseUnits
advapi32
LookupPrivilegeValueA
RegOpenKeyExA
CheckTokenMembership
FreeSid
OpenProcessToken
SetSecurityDescriptorDacl
SetFileSecurityW
SetEntriesInAclW
InitializeSecurityDescriptor
GetUserNameW
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyA
SetTokenInformation
CreateProcessAsUserW
GetLengthSid
DuplicateTokenEx
LookupAccountSidW
AdjustTokenPrivileges
RevertToSelf
GetTokenInformation
ConvertSidToStringSidW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyA
GetUserNameA
RegCloseKey
RegQueryValueExA
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetSidSubAuthority
CreateWellKnownSid
RegSetValueExA
ole32
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemFree
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ