Static task: static1
Behavioral task: behavioral1
Sample: 29cac4bf90f7a55095982ec171cc3750_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 29cac4bf90f7a55095982ec171cc3750_JaffaCakes118.dll
Resource: win10v2004-20240704-en
General
Target: 29cac4bf90f7a55095982ec171cc3750_JaffaCakes118
Size: 123KB
MD5: 29cac4bf90f7a55095982ec171cc3750
SHA1: 42899c4064e6145ee94db945494a69b20e05ac3e
SHA256: 31e91a476e854f8897e033b841421726621bd90399e929008a2a464a80b387f8
SHA512: 05e98cb6c630553c84845d33811456485e154f1460ba6abcd388eeaf39ea37063b169e0714238e6fea747ed6e9e8d9e39e52b0c365f0e3d22f01e58f392b17a9
SSDEEP: 3072:7+PJGk/HheRS+Amccz4lH+oZ9Ot+M41ohfzIR:7YH/BeDAmidZQt+M41oZkR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 29cac4bf90f7a55095982ec171cc3750_JaffaCakes118
Files
29cac4bf90f7a55095982ec171cc3750_JaffaCakes118.dll windows:1 windows x86 arch:x86
e36e593f7a2c5049a3c14f151f2b6efe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
MmMarkPhysicalMemoryAsGood
ZwQuerySystemInformation
strncmp
IoGetBaseFileSystemDeviceObject
ExAllocatePoolWithTag
RtlAnsiCharToUnicodeChar
strstr
DbgPrint
ExFreePoolWithTag
strncpy
DbgPrompt
_except_handler3
isupper
KeBugCheckEx
ExExtendZone
Sections
.data Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 640B - Virtual size: 629B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 480B - Virtual size: 462B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 160B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE