Static task: static1
Behavioral task: behavioral1
  Sample: 0971d66032eea65229912a66a407f0f4_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 0971d66032eea65229912a66a407f0f4_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 0971d66032eea65229912a66a407f0f4_JaffaCakes118
Size: 370KB
MD5: 0971d66032eea65229912a66a407f0f4
SHA1: 8596505166e950c404b8ee17dd2a75a4174a1d6f
SHA256: 4f2fa7465b436705948981e5d7857513c41246750ac01bc06d5298193f328f71
SHA512: a3a2c497448679aeab45a7b3c1599c399c92a5d00f3ab866206b5dc1e7542406824fd8b444d0fa94eb659e9898879e220b4f6625f046d72678fcb7746c1a0cfc
SSDEEP: 6144:SneX48vxqhd/fXttTk9f17rvQpDFyUF24z5IyGUksTBvSNlt0:SeI8v0hdHXXkl17424zvGFsTt6K
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0971d66032eea65229912a66a407f0f4_JaffaCakes118
Files
0971d66032eea65229912a66a407f0f4_JaffaCakes118.exe windows:4 windows x86 arch:x86
937a451b37e804f965eae1bdd83f40df
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetProcAddress
VirtualFree
ReadFile
CloseHandle
VirtualAlloc
GetFileSize
CreateFileA
FreeResource
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GlobalFree
LoadLibraryExA
GlobalAlloc
WinExec
GetTempPathA
GetSystemDirectoryA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
user32
wvsprintfA
Sections
.text Size: 5KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 364KB - Virtual size: 368KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ