Static task
static1
Behavioral task
behavioral1
Sample
26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118
-
Size
253KB
-
MD5
26fe3f29f0e7e3327db27da0808498e9
-
SHA1
c8a1b7822961e1463c27b543ff2ac7e354e3b105
-
SHA256
ba661a55ac807edfa9af6603079300abb304f2c5ae156f06deacc52137455d01
-
SHA512
f404d9c3bab18f873dc705944c1b942abb4cff3b687c94f4477920b005a42841396ca7a5e573048aa6bbdec2d5d572aa2601bd513b043eee031ad41a44f5946d
-
SSDEEP
6144:ratXEDBtSYH1j24ZqskT7wtEPeRVp8axV:UXEDBtSYVj24ZqskTGV
Malware Config
Signatures
-
Unsigned PE 1 IoCs
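Checks for missing Authenticode signature. The sample carries no signature, so its publisher and integrity cannot be verified from the file itself; on its own this is a weak indicator and should be weighed together with the import and section data listed below.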
resource 26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118
Files
-
26fe3f29f0e7e3327db27da0808498e9_JaffaCakes118.exe windows:4 windows x86 arch:x86
c6505a43f03764e5bb264a2c0c77f353
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
cygcrypt-0
crypt
cygcurl-3
curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_global_cleanup
curl_global_init
cygwin1
__assert
__errno
__main
_fcntl64
_fopen64
_fstat64
_geteuid32
_getpwuid32
_impure_ptr
_lseek64
_lstat64
_mmap64
_open64
_setgid32
_setgroups32
_setuid32
_stat64
abort
accept
alarm
atof
atoi
bind
calloc
chdir
chroot
close
closedir
connect
cygwin_internal
dll_crt0__FP11per_process
dup
exit
fclose
fflush
fgetc
fgets
fileno
fork
fprintf
fputc
fputs
free
fwrite
gethostbyname
getopt
getpeername
getpid
getpwnam
getrlimit
getrusage
getsockname
getsockopt
gettimeofday
h_errno
ioctl
isatty
kill
link
listen
localtime
malloc
memcpy
memset
mktime
munmap
opendir
optarg
optind
pathconf
posix_regcomp
posix_regexec
posix_regfree
printf
putchar
puts
raise
rand
read
readdir
realloc
remove
rename
rmdir
select
setrlimit
setsid
setsockopt
shutdown
sigaction
sigaddset
sigemptyset
sigfillset
signal
sigprocmask
sleep
snprintf
socket
socketpair
sprintf
srand
sscanf
statvfs
strcasecmp
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncat
strncpy
strrchr
strsignal
strstr
strtol
tcgetattr
tcsetattr
time
uname
unlink
usleep
vprintf
vsnprintf
waitpid
write
_fcntl64
_fopen64
_fstat64
_geteuid32
_getpwuid32
_lseek64
_lstat64
_mmap64
_open64
posix_regcomp
posix_regexec
posix_regfree
_setgid32
_setgroups32
_setuid32
_stat64
__getreent
pthread_create
pthread_detach
h_errno
advapi32
AdjustTokenPrivileges
GetUserNameA
InitiateSystemShutdownA
LookupPrivilegeValueA
OpenProcessToken
kernel32
CloseHandle
CreateDirectoryA
CreateFileA
CreatePipe
CreateProcessA
CreateToolhelp32Snapshot
DuplicateHandle
FormatMessageA
GetCurrentDirectoryA
GetCurrentProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
GetVersionExA
GlobalMemoryStatus
Module32First
OpenProcess
Process32First
Process32Next
ReadFile
SetHandleInformation
Sleep
TerminateProcess
WriteFile
shell32
ShellExecuteA
user32
wsprintfA
winmm
mciSendStringA
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 10KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE