Static task: static1
Behavioral task: behavioral1
Sample: 705a555b05e8dd69fb6a2a6f5ebe004a_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 705a555b05e8dd69fb6a2a6f5ebe004a_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
- Target: 705a555b05e8dd69fb6a2a6f5ebe004a_JaffaCakes118
- Size: 380KB
- MD5: 705a555b05e8dd69fb6a2a6f5ebe004a
- SHA1: 0f82b26d73270906ca677cda36b99b05af88699f
- SHA256: e057fa42785677584a54d3f91dfd7ce107e22f4d307782252857c21fb8945fe3
- SHA512: 772e86706dd9601db36702030a5d4e86110fc3ea00c1e23138528ef2d9011a5565337bafac04d6d1858daa453856aed0e2ac9a6e347cd3b4d9bd9199a0875e31
- SSDEEP: 6144:2PI9X2Mqbuj9sZQlzAGVv7wcpj13NpFEjGfDwYeXrMOPBLZ1w:oI9X2MqbujcGzAs0cpjBNwXrTy
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  Processes: resource 705a555b05e8dd69fb6a2a6f5ebe004a_JaffaCakes118
Files
- 705a555b05e8dd69fb6a2a6f5ebe004a_JaffaCakes118.exe windows:5 windows x86 arch:x86
  8e7de979a5a019e5e285b8d808e2057e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
PDB Paths
K:\direction\Generalized\nativelyf.pdb
Imports
kernel32
SetFilePointer
GetStringTypeW
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetConsoleCP
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetConsoleMode
LoadLibraryW
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
CloseHandle
GetPrivateProfileStringW
GetConsoleWindow
GetLastError
FormatMessageA
GetProcAddress
OutputDebugStringA
HeapCreate
lstrlenW
WideCharToMultiByte
HeapAlloc
GetCurrentThreadId
Sleep
EnumResourceLanguagesA
GetDateFormatA
CreateFileA
GetFileInformationByHandle
GetTickCount
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringW
CreateFileW
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DecodePointer
EncodePointer
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
RaiseException
user32
MoveWindow
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateDialogParamA
SetWindowPos
GetSystemMetrics
GetWindowRect
GetDlgItem
CloseWindowStation
CloseDesktop
SetThreadDesktop
CreateDesktopA
SetProcessWindowStation
GetUserObjectInformationA
GetThreadDesktop
GetProcessWindowStation
GetWindowLongA
GetClientRect
SendMessageA
SetWindowLongA
CallWindowProcA
DefWindowProcA
OpenClipboard
CheckRadioButton
GetWindowTextA
IsDlgButtonChecked
EndDialog
SetWindowTextA
LoadStringA
EnableMenuItem
MessageBoxA
GetDC
ReleaseDC
BeginPaint
EndPaint
EmptyClipboard
CopyImage
SetClipboardData
CloseClipboard
gdi32
DeleteObject
SaveDC
SetBkColor
ExtTextOutA
RestoreDC
SetMapMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
PatBlt
DeleteDC
CreateFontIndirectA
comdlg32
GetFileTitleW
advapi32
AllocateAndInitializeSid
IsValidSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
IsValidAcl
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
GetTokenInformation
DuplicateTokenEx
LookupAccountNameW
ImpersonateAnonymousToken
shell32
SHGetFolderPathW
ole32
CoCreateInstance
CoUninitialize
CLSIDFromProgID
OleGetClipboard
CoInitialize
ws2_32
WSAStartup
socket
htons
gethostbyname
connect
closesocket
WSAGetLastError
send
msimg32
GradientFill
version
GetFileVersionInfoW
secur32
GetUserNameExA
InitializeSecurityContextA
AcceptSecurityContext
EnumerateSecurityPackagesA
AcquireCredentialsHandleA
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ddata Size: 170KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ydata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ