Static task: static1

Behavioral task: behavioral1
Sample: 2aabd7dbf5767c6c0bfd31606017221d_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 2aabd7dbf5767c6c0bfd31606017221d_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2aabd7dbf5767c6c0bfd31606017221d_JaffaCakes118
Size: 2.6MB
MD5: 2aabd7dbf5767c6c0bfd31606017221d
SHA1: 8811f0f0fe142f2a30712b7662e32fbbe6791bbd
SHA256: 2d2c58a4ffc1b331ca2162b85016992401584fb6e48da2b524f51f7a348c07d2
SHA512: 1cffa1c1edcc3b499258bd6ac22b024703a7dad5ac9d4ed6c8bc10495c0469c57cec9f81950903f408ba35685d3b22bac068ee348c990bdad5086fd684f46637
SSDEEP: 49152:LVe9LKQGqLjJ+9KCs2E8EUxuSAMgD7wixWD7RchQ3Vw9Ls70rS36DTYVIorAsVp4:LVyKRqfcyyESAMgDLx563VG4fMkmPomE
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 2aabd7dbf5767c6c0bfd31606017221d_JaffaCakes118
Files
2aabd7dbf5767c6c0bfd31606017221d_JaffaCakes118.exe windows:4 windows x86 arch:x86
7eb0368a95d9c1ff8ccc1e17e262a7aa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CloseServiceHandle
FreeSid
RegCloseKey
RegFlushKey
RegQueryValueA
RegQueryValueExA
SetSecurityDescriptorDacl
kernel32
CreateFileMappingA
CreateMutexA
CreateThread
DeleteCriticalSection
DeleteFileA
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
FreeLibrary
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcessHeap
GetShortPathNameA
GetStdHandle
GetStringTypeA
GetTempFileNameA
GetTimeFormatA
GetVersionExA
GlobalHandle
GlobalReAlloc
HeapCreate
HeapDestroy
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LockResource
Module32Next
MoveFileExA
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadFile
RemoveDirectoryA
ResumeThread
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
UnhandledExceptionFilter
VirtualAlloc
WaitForSingleObject
lstrcatA
lstrcmpA
lstrcpyA
user32
CallWindowProcA
CreatePopupMenu
DefWindowProcA
EndDialog
EnumChildWindows
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetProcessWindowStation
GetSysColor
GetSystemMenu
GetWindow
GetWindowRect
InvalidateRect
IsIconic
IsWindow
LoadCursorA
LoadImageA
MessageBoxA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemInt
SetTimer
SetWindowTextA
ShowWindow
SystemParametersInfoA
wsprintfA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.CRT Size: 2.6MB - Virtual size: 7.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ