Static task
static1
Behavioral task
behavioral1
Sample
001d72c5952a76abc4565a988bd8619e_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
001d72c5952a76abc4565a988bd8619e_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
001d72c5952a76abc4565a988bd8619e_JaffaCakes118
Size
16KB
MD5
001d72c5952a76abc4565a988bd8619e
SHA1
6ec0ec090303f7f141881f2e14c54b9dbf56fcba
SHA256
71ff0bfeb5d617e7d4c4b0a268b4932e821196377aee506a28da5c81b8caa14f
SHA512
fea51e998019352f23c6bfa2e9fcc4d4d3e26978138846b9d6a3d0565d79098ff2a31007968436ebd328e32a96c7734768c01b37a3ea8fbb4b049805faefb64a
SSDEEP
384:SQZQPx8/F3kmg6sP3fOvk9+ZK7DFnP7EEQZw:fZQPx8/R6nffkkkZK7DFnjENO
Malware Config
Signatures
Files
001d72c5952a76abc4565a988bd8619e_JaffaCakes118.exe windows:4 windows x86 arch:x86
81776aa5d60a9575a27d5f1795fed6bf
Code Sign
01
Certificate
Issuer
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before
01-08-1996 00:00
Not After
31-12-2020 23:59
Subject
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a
Certificate
Issuer
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before
06-08-2003 00:00
Not After
05-08-2013 23:59
Subject
CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:78:07:93:58:f2:3d:27:47:8e:02:79:b6:df:a1:c8
Certificate
Issuer
CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before
13-09-2006 00:00
Not After
12-09-2008 23:59
Subject
CN=PRISPARKY LDA,OU=massimiliano sgrò,O=PRISPARKY LDA,L=madeira,ST=portugal,C=PT
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches
false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
EnumWindows
wsprintfA
MessageBoxA
FindWindowExA
kernel32
GetProcessHeap
GetVersionExA
HeapAlloc
HeapFree
LoadLibraryA
GetProcAddress
LocalFree
MultiByteToWideChar
Sleep
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
GetModuleHandleA
GetModuleFileNameA
GetCommandLineA
ExitProcess
DeleteFileA
CreateProcessA
LocalAlloc
shell32
SHGetSpecialFolderPathA
winmm
timeGetTime
advapi32
RegDeleteValueA
RegOpenKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyA
RegQueryValueExA
ole32
CoUninitialize
CoInitialize
gdi32
CreateSolidBrush
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE