Static task
static1
Behavioral task
behavioral1
Sample
a1a06487fdcdfca786b98aa3f0901d99_JaffaCakes118.exe
Resource
win7-20240611-en
General
-
Target
a1a06487fdcdfca786b98aa3f0901d99_JaffaCakes118
-
Size
936KB
-
MD5
a1a06487fdcdfca786b98aa3f0901d99
-
SHA1
ff2068bdc71f8a44729e505212156190955369cd
-
SHA256
9e6d3ed5718299d162edf58ff3c70284e22aaf0440597461706aa86c5ea46488
-
SHA512
32f85f2aaeb02dc634bf323948efa11378e0c78aad7c429618d21aea0bc8277bdb6ccb3e84b2b1ef27b9e6890dd5f75f6fb2c750105487134e1fe48f2ba1383b
-
SSDEEP
24576:rgW5FE16tI4hsJO21bvNHPpHVfC5zQC7UdhGMGTBR:sW5FEIOesw2tvCbPTBR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
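Checks for a missing Authenticode signature; the resource listed below has none. An unsigned PE is a weak indicator on its own, since many legitimate executables are also unsigned, so weigh it alongside the import table and the behavioral task results.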
resource a1a06487fdcdfca786b98aa3f0901d99_JaffaCakes118
Files
-
a1a06487fdcdfca786b98aa3f0901d99_JaffaCakes118.exe windows:5 windows x86 arch:x86
9cfe941c0e4606a36e38a14776cf6add
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
UnmapViewOfFile
HeapValidate
HeapSize
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
OutputDebugStringW
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapReAlloc
OutputDebugStringA
LoadLibraryW
HeapAlloc
HeapDestroy
UnlockFile
GetProcAddress
LeaveCriticalSection
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
EnterCriticalSection
HeapFree
HeapCreate
AreFileApisANSI
lstrcmpW
WideCharToMultiByte
CopyFileW
FreeLibrary
ExitProcess
LocalFree
SetFilePointerEx
LockFile
CreateThread
CloseHandle
DeleteFileW
GetFileAttributesExW
MultiByteToWideChar
GetFileAttributesW
CreateFileW
FindClose
lstrlenA
WaitForMultipleObjects
RemoveDirectoryW
WriteFile
lstrlenW
FindNextFileW
GetFileSizeEx
FindFirstFileW
ReadFile
GetSystemInfo
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetCurrentDirectoryW
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetModuleFileNameA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
GetEnvironmentVariableA
MoveFileExA
GetStdHandle
GetFileType
PeekNamedPipe
SetLastError
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
user32
wsprintfW
GetDesktopWindow
wsprintfA
advapi32
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyW
GetUserNameA
RegQueryValueExW
shell32
SHGetFolderPathW
crypt32
CertFreeCertificateContext
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CryptUnprotectData
CryptStringToBinaryA
CertFindExtension
CertGetNameStringA
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
iphlpapi
GetAdaptersInfo
shlwapi
PathRemoveFileSpecW
PathFindExtensionW
StrStrW
wnsprintfW
bcrypt
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptDecrypt
ws2_32
accept
WSACleanup
htonl
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
ioctlsocket
__WSAFDIsSet
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
WSAStartup
listen
select
wldap32
ord41
ord50
ord45
ord60
ord211
ord46
ord22
ord143
ord301
ord200
ord30
ord79
ord35
ord26
ord27
ord217
ord32
ord33
normaliz
IdnToAscii
Sections
.text Size: 751KB - Virtual size: 750KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 146KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 476B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ