Static task: static1
Behavioral task: behavioral1
  Sample: 6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
General
  Target: 6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118
  Size: 75KB
  MD5: 6975fd2d7c28b3c63c18f356304d4fa2
  SHA1: 81645a1772bfc616e92e29f459b3c956219946e5
  SHA256: ed5b7ba61d9bfff0655e4526b89555e0736ed928f679be7930ea980332af578b
  SHA512: 92f409b969ca4f3bc23ebbcf8b0905ec274ec9a77a36d1c09531b92e6d67d26a1c2d5d756ffe40223d329ff8ab0a2c96c438a937801a7bf58daea38c681657c3
  SSDEEP: 1536:k5EBiW9l+5L4jtuPsnRgfLKVsXTnCYWSR1lXaFYILTC8G1Ri:27QQ5wtVnGfLKeESR1lXhd8GK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118
Files
6975fd2d7c28b3c63c18f356304d4fa2_JaffaCakes118.exe windows:4 windows x86 arch:x86
94cf7e2895533f0b35aa949644f0d96b
Headers
  File Characteristics
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
    IMAGE_FILE_DEBUG_STRIPPED
Imports
  kernel32: GetModuleHandleA, GetProcAddress
  advapi32: RegCloseKey
  comctl32: ord17
  gdi32: SaveDC
  oleaut32: SysFreeString
  shell32: ExtractIconExA
  user32: GetDC
  version: VerQueryValueA
  wininet: InternetOpenA
Sections
  .MPRESS1 Size: 70KB - Virtual size: 176KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_CNT_UNINITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .MPRESS2 Size: 3KB - Virtual size: 3KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_CNT_UNINITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc Size: 1KB - Virtual size: 1KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE