1ddS.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 6404079117fdcfa3a34eecb4009b407e_JaffaCakes118.exe
Resource: win7-20240508-en
General
Target: 6404079117fdcfa3a34eecb4009b407e_JaffaCakes118
Size: 128KB
MD5: 6404079117fdcfa3a34eecb4009b407e
SHA1: 1a0455583d0dfa71b8cf00a431ec9fb034e31670
SHA256: bbd2e2fbf9de689b293485b4cd01e9455201a3974a3082b68862e2e98d76d65c
SHA512: 52cf0670e2b3106fa6fba0e1a34bc6e9588d2c66ed63a6c85119b8cd5c6709f4feb8d0918d0b953eb1290733a6aadf3adbdb61170c09e83954f052499c4c4709
SSDEEP: 3072:nPAAAAAAAAAAAAAAAAAA0AAA6XWAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAALo9AAe:dS2eSATfi7I1RVJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6404079117fdcfa3a34eecb4009b407e_JaffaCakes118
Files
6404079117fdcfa3a34eecb4009b407e_JaffaCakes118.exe windows:5 windows x86 arch:x86
a19091b26ea28519dccb7361df0c260d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM
IMAGE_FILE_BYTES_REVERSED_HI
PDB Paths
Imports
msi
ord30
advapi32
EnumServicesStatusA
GetFileSecurityW
GetSecurityDescriptorGroup
GetOldestEventLogRecord
winspool.drv
OpenPrinterW
user32
GetTitleBarInfo
version
VerInstallFileA
gdi32
ExtEscape
GetTextMetricsA
msvcrt
fputws
kernel32
GetTickCount
WTSGetActiveConsoleSessionId
IsProcessInJob
DefineDosDeviceA
GetBinaryTypeA
GetModuleHandleA
GetModuleFileNameA
GetUserGeoID
FillConsoleOutputCharacterA
DeactivateActCtx
Sections
.AD8Te Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 910B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 940B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ