Static task
static1
Behavioral task
behavioral1
Sample
18212589d0559b26cefa74f3e6520b8f_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
18212589d0559b26cefa74f3e6520b8f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: 18212589d0559b26cefa74f3e6520b8f_JaffaCakes118
Size: 87KB
MD5: 18212589d0559b26cefa74f3e6520b8f
SHA1: 398f2ded53ccf322b37eefb397d6034ae59a818c
SHA256: 6835dc6096723630c7a262f7d62a486a5c16ebfd89dbf8d79142881a9862d457
SHA512: 9f2874e4f48347e0847c304cf0c2aac99194395aff98a2c37439972ea805bf6b7e4f18180675e8a802ce60358efb59b033ffd7bd61cba8cdc5fd7adc91e92bf6
SSDEEP: 1536:qx5OzEbastuELOxqRVi6OpOKdWM3ykv4NOY9OhWXkT4eRraU1qQjpe/rseMhO:qx53astuELOACf93ykvwmWUTxwU0QjM6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 18212589d0559b26cefa74f3e6520b8f_JaffaCakes118
Files
18212589d0559b26cefa74f3e6520b8f_JaffaCakes118.exe windows:4 windows x86 arch:x86
aa189b01225a9a20704d9702586e8eda
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
SetWindowPos
UnhookWindowsHookEx
GetSysColor
GetScrollPos
FrameRect
EnumWindows
EnableMenuItem
GetSysColorBrush
PostQuitMessage
GetMessageA
EqualRect
SetWindowTextA
GetSubMenu
kernel32
GetACP
GetSystemTime
GetStartupInfoA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetThreadLocale
RtlUnwind
FileTimeToSystemTime
InterlockedExchange
GetTempPathA
GetOEMCP
ExitProcess
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetFileAttributesA
VirtualAllocEx
gdi32
CreateICW
GetMapMode
ExcludeClipRect
SelectClipPath
SetViewportExtEx
DPtoLP
CreateCompatibleBitmap
FillRgn
CopyEnhMetaFileA
ole32
CoRevokeClassObject
StgOpenStorage
CoTaskMemRealloc
OleRun
CoInitialize
CoInitializeSecurity
StringFromGUID2
DoDragDrop
CoCreateInstance
advapi32
QueryServiceStatus
GetSecurityDescriptorDacl
RegCreateKeyExW
RegCreateKeyA
CryptHashData
CheckTokenMembership
FreeSid
GetUserNameA
RegQueryValueExW
AdjustTokenPrivileges
msvcrt
_flsbuf
_mbscmp
raise
fprintf
signal
iswspace
_fdopen
strcspn
strlen
__getmainargs
_lock
fflush
puts
strncpy
__initenv
_CIpow
__setusermatherr
_strdup
comctl32
ImageList_SetIconSize
ImageList_DragEnter
ImageList_LoadImageW
ImageList_Destroy
ImageList_DrawEx
CreatePropertySheetPageA
InitCommonControls
ImageList_ReplaceIcon
ImageList_Write
ImageList_GetIconSize
ImageList_GetBkColor
ImageList_GetIcon
ImageList_LoadImageA
shell32
ShellExecuteEx
SHGetPathFromIDList
ShellExecuteW
DragQueryFileW
SHBrowseForFolderA
DragAcceptFiles
ExtractIconExW
DragQueryFileA
CommandLineToArgvW
DoEnvironmentSubstW
ExtractIconW
oleaut32
VariantCopy
SafeArrayPtrOfIndex
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayGetUBound
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE