Static task: static1
Behavioral task: behavioral1
Sample: 30338df6c1ba25d28bd8dbce9edbe0df_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 30338df6c1ba25d28bd8dbce9edbe0df_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 30338df6c1ba25d28bd8dbce9edbe0df_JaffaCakes118
Size: 108KB
MD5: 30338df6c1ba25d28bd8dbce9edbe0df
SHA1: 879e3d0b0360e4dbbf7b68bc0046fb51bc882feb
SHA256: 2e8967c18ace73dfc751ecd44dbc80db28d6772c046c7778d459985050cecf16
SHA512: 8be5f65117a8eb32eb77136767ca85172963cbc4c5536600ba1fe78b92190a29de776d59696116f68f3e536dbcd7ad2f3ae8a3d5bf28b30f02953d8576b24b45
SSDEEP: 1536:XkrbsVfTT8Co91XQZ3MD3ZMNGupQBJsaPYIOXAig6JRxJEHp3B4d3i6EPwRvtOcv:XkXsVfTHqRy81MUuIzIRsHtiPtOcv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 30338df6c1ba25d28bd8dbce9edbe0df_JaffaCakes118
Files
30338df6c1ba25d28bd8dbce9edbe0df_JaffaCakes118.exe windows:4 windows x86 arch:x86
9d4a60ac44227ef41ccd31b6a63eb189
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
GetModuleHandleA
QueryPerformanceCounter
VirtualAlloc
GetSystemTime
CopyFileA
GetCommandLineA
lstrcmpiA
VirtualFree
GetWindowsDirectoryA
RemoveDirectoryA
GlobalFindAtomA
lstrcmpiW
lstrlenW
lstrcmpA
DeleteFileA
RemoveDirectoryW
FindClose
gdi32
GetPixel
DeleteObject
RectVisible
SelectObject
GetDeviceCaps
CreateFontIndirectA
GetTextMetricsA
GetClipBox
LineTo
CreatePalette
SetTextColor
SelectPalette
SetMapMode
CreateCompatibleDC
CreateSolidBrush
SaveDC
SetStretchBltMode
GetStockObject
SetTextAlign
RestoreDC
user32
GetParent
GetSystemMetrics
TranslateMessage
GetDC
CharNextA
GetDesktopWindow
glu32
gluNurbsCallback
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ