Behavioral task: behavioral1
- Sample: 046000a804cf283daf0c9cdd3fbecad0_JaffaCakes118.exe
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: 046000a804cf283daf0c9cdd3fbecad0_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
General
- Target: 046000a804cf283daf0c9cdd3fbecad0_JaffaCakes118
- Size: 348KB
- MD5: 046000a804cf283daf0c9cdd3fbecad0
- SHA1: 54161eb1cdbbca736447d03d0cdae7e153039e0e
- SHA256: 5341dfd55d781495b5a04eab350ccc5af1f8c4beb44f9386f33cfce057c6eca2
- SHA512: b6ec8540df54f943199b5aba7c165e4b475e226f6b9403ddb7b0f7ec144f45d84194c9ef2b45547b8c2d7b83a9848354ff2be0f1f51aaedb7d3f31dd40bc3a93
- SSDEEP: 6144:KZP6ECMIMSpfhchiq40BR3WxzpmGvv4tOT8H/:KZP61NMaY540BR3WxzpnvwtOTA
Malware Config (extracted)
- metasploit
- encoder/call4_dword_xor
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Processes: resource 046000a804cf283daf0c9cdd3fbecad0_JaffaCakes118
Files
- 046000a804cf283daf0c9cdd3fbecad0_JaffaCakes118.exe (windows:5, windows, x86, arch:x86)
  19625a3571bca1e595bd25a5ed35dcbf
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
kernel32
CreateProcessA
GetTempPathA
CreateThread
ExitProcess
SetPriorityClass
GetLocaleInfoA
MoveFileExA
GetCurrentProcess
GetCurrentThread
SetProcessPriorityBoost
GetDriveTypeA
GetFileAttributesA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExA
OpenMutexA
CreateMutexA
ReleaseMutex
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
CopyFileA
SetFileAttributesA
GetCurrentProcessId
DeleteFileA
lstrlenA
FreeLibrary
CreateRemoteThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
TerminateProcess
lstrcmpiA
WinExec
GetLogicalDriveStringsA
SetLastError
Sleep
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventA
LeaveCriticalSection
ExitThread
EnterCriticalSection
OpenEventA
WaitForMultipleObjects
DeleteCriticalSection
MultiByteToWideChar
GetProcessHeap
VirtualProtectEx
LocalFree
FlushFileBuffers
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
WriteFile
GetTickCount
CreateFileA
CloseHandle
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
Process32First
GetComputerNameA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
CompareStringA
InterlockedExchange
InitializeCriticalSection
HeapFree
VirtualAlloc
VirtualFree
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapAlloc
user32
FindWindowA
IsWindow
GetWindowThreadProcessId
SwitchToThisWindow
IsCharAlphaNumericA
IsCharAlphaA
RegisterDeviceNotificationA
UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PostQuitMessage
RegisterClassExA
GetMessageA
DestroyWindow
GetForegroundWindow
BlockInput
GetWindowTextA
SendMessageA
FindWindowExA
keybd_event
RealGetWindowClassA
SetFocus
SetForegroundWindow
IsWindowVisible
VkKeyScanW
SendInput
MapVirtualKeyA
VkKeyScanA
GetMenuItemID
PostMessageA
advapi32
IsTextUnicode
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
AllocateAndInitializeSid
GetUserNameA
RegQueryValueExA
shell32
ShellExecuteA
ShellExecuteExA
SHChangeNotify
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysAllocString
VariantClear
VariantInit
ws2_32
recv
select
send
gethostbyname
closesocket
socket
WSACleanup
WSAGetLastError
inet_addr
WSAStartup
connect
htonl
ntohl
inet_ntoa
gethostname
ioctlsocket
setsockopt
htons
ntdll
NtQuerySystemInformation
ZwSystemDebugControl
shlwapi
SHDeleteKeyA
mpr
WNetCancelConnectionA
Sections
- .text (Size: 294KB, Virtual size: 293KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 38KB, Virtual size: 38KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 15KB, Virtual size: 29KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE