Static task: static1
Behavioral task: behavioral1
Sample: 2d30defee46fe2b8b95bf2ec666767f4_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 2d30defee46fe2b8b95bf2ec666767f4_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2d30defee46fe2b8b95bf2ec666767f4_JaffaCakes118
Size: 268KB
MD5: 2d30defee46fe2b8b95bf2ec666767f4
SHA1: 5134cbb38f6be490b8a39f2cea90d40186dbf0c6
SHA256: 5f10432ba851bfcdca0136fe9906bf513c92039ecaf7c79c386fd8adfe32f2f0
SHA512: 6269d2fed88cb4457e32d2ced0340b02dc866b14adf743dfb72b2bc332cbdbbe55c752222499d863bdf4ed2d290883847b52596986d861c13538e65fa33abaed
SSDEEP: 6144:lyFXbK4tDJQ9+kgdHtxtmVp6I1ZESMqvMjufIng:cpWeKVBZoLjufV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d30defee46fe2b8b95bf2ec666767f4_JaffaCakes118
Files
2d30defee46fe2b8b95bf2ec666767f4_JaffaCakes118.exe windows:4 windows x86 arch:x86
bfa464a8ac5ae365fc3317eb8646efb6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenW
GetModuleHandleW
lstrcpynW
lstrlenA
CreateDirectoryW
GetTempPathW
LocalAlloc
RemoveDirectoryW
LocalFree
OpenEventW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
WaitForSingleObject
CreateEventW
FreeLibrary
ExpandEnvironmentStringsA
GetProcessHeap
GetProcAddress
user32
GetForegroundWindow
MoveWindow
IsWindow
GetTopWindow
OffsetRect
PostMessageW
SetWindowPos
SendMessageW
EnableWindow
gdi32
DeleteObject
CreatePatternBrush
CreateSolidBrush
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEllipticRgn
SetWinMetaFileBits
advapi32
AccessCheck
RegOpenKeyExA
RegQueryValueExA
OpenServiceW
StartServiceW
QueryServiceStatus
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetLengthSid
IsValidSecurityDescriptor
FreeSid
RevertToSelf
OpenProcessToken
OpenThreadToken
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateSelf
InitializeAcl
AllocateAndInitializeSid
SetSecurityDescriptorOwner
shell32
SHBrowseForFolderW
ShellExecuteW
usp10
UspFreeMem
ScriptGetFontProperties
ScriptCacheGetHeight
Sections
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.fHZ Size: 3KB - Virtual size: 515KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vPO Size: 3KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.YI Size: 2KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tSu Size: 4KB - Virtual size: 785KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.es Size: 83KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xoS Size: 1024B - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.RdQw Size: 2KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.VjHqBi Size: 133KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gqM Size: 3KB - Virtual size: 455KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ooc Size: 5KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ