Static task
static1
Behavioral task
behavioral1
Sample
6dd2ba89e96e70dff143f8fe4c282143_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6dd2ba89e96e70dff143f8fe4c282143_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
6dd2ba89e96e70dff143f8fe4c282143_JaffaCakes118
Size
538KB
MD5
6dd2ba89e96e70dff143f8fe4c282143
SHA1
58d637e4cc0dd05739e4fb5dda4a6910e6390b68
SHA256
ee54af3b2159619379f89188fc488fce892174a017c4437957375abd4df07b3b
SHA512
6c3349f051e00054f3198dbf03002c1b3ee2b3b606fb79930e205102e693946c2bcd9fad424a62619e0d2395bd9ed2909a406b00294dd01775a0dbcf052d51e5
SSDEEP
12288:yhYBiFH9iUvEX9A8khRaQT1UDxJfnAxacJAzhCMoZMP59LBl:yaI7nSQW/gJAzZFTBl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6dd2ba89e96e70dff143f8fe4c282143_JaffaCakes118
Files
6dd2ba89e96e70dff143f8fe4c282143_JaffaCakes118.exe windows:5 windows x86 arch:x86
d1ad5b04b98ac81fd6f2a3bb3251562a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_SYSTEM
IMAGE_FILE_UP_SYSTEM_ONLY
Imports
kernel32
CreateThread
CreateEventA
HeapAlloc
GetVolumeInformationA
GetProcAddress
lstrcatA
GlobalAlloc
GetLastError
RaiseException
CreateFileW
SetEnvironmentVariableA
CompareStringW
LocalAlloc
GetStringTypeW
GetModuleHandleA
SetStdHandle
RtlUnwind
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
LoadLibraryW
OutputDebugStringW
LocalReAlloc
lstrcpyA
LocalFree
lstrcpyW
lstrlenW
EnumDateFormatsA
GetCurrentDirectoryW
CreateFileA
CreateEventW
LCMapStringW
ReadFile
WriteConsoleW
OutputDebugStringA
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
MultiByteToWideChar
SetFilePointer
LoadLibraryA
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
GetModuleFileNameW
HeapValidate
IsBadReadPtr
GetFileAttributesA
FlushFileBuffers
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
user32
LoadCursorA
GetSubMenu
GetMenu
EnableMenuItem
GetDC
GetClientRect
DdeInitializeA
DdeCreateStringHandleW
IsIconic
InvalidateRect
CreateWindowExW
SystemParametersInfoA
DrawFrameControl
FindWindowW
SendMessageA
GetSystemMetrics
RegisterClassA
ShowWindow
GetMenuItemCount
GetMenuState
GetMenuItemID
GetMenuItemInfoA
GetMenuStringA
SetMenuItemInfoA
gdi32
CreateCompatibleBitmap
SelectObject
GetStockObject
GetObjectA
CreateFontIndirectA
DeleteDC
CreateSolidBrush
CreateCompatibleDC
comdlg32
GetOpenFileNameA
shell32
SHGetMalloc
SHGetDesktopFolder
ole32
CoGetMalloc
ws2_32
WSCInstallProvider
WSAStartup
comctl32
ord17
rpcrt4
RpcStringFreeA
UuidToStringA
UuidCreate
gdiplus
GdiplusShutdown
sensapi
IsNetworkAlive
Sections
.text Size: 430KB - Virtual size: 429KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ