Static task: static1
Behavioral task: behavioral1
Sample: 3661893a0973bf8a14c670ba642df357_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3661893a0973bf8a14c670ba642df357_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Target: 3661893a0973bf8a14c670ba642df357_JaffaCakes118
Size: 83KB
MD5: 3661893a0973bf8a14c670ba642df357
SHA1: b99dacbd12d696339339201efc11da9a79ae5949
SHA256: e18bc911dbe0c10f8e8ae1e7df0bd0a0e50e4068e8293ab6bc94de82cfd2f27c
SHA512: 9eb915afd9f59b178fb87bf670d4858481b9d87562353d245e7cb27d79a9589823fcb8e9304a34c5b2198043bd58089d90ea20859c1f91c124ce551ebd870294
SSDEEP: 1536:842Oz4HVETFoFUuBw/r5EXHtv0znILg1PLQgDCZqERayc7l:8iz+VETLh1+HhqxuqEQycx
Checks for missing Authenticode signature.
Processes:
resource |
---|
3661893a0973bf8a14c670ba642df357_JaffaCakes118 |
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
GetProcAddress
FreeLibrary
GetTempFileNameA
CloseHandle
GetModuleHandleA
lstrcmpiA
GetCommandLineA
GetStartupInfoA
ExitProcess
RtlCopyLuidAndAttributesArray
RtlDeleteAce
RtlAddAuditAccessObjectAce
ZwImpersonateClientOfPort
RtlAreAnyAccessesGranted
RtlUnicodeStringToAnsiSize
NtQueryFullAttributesFile
ZwQuerySecurityObject
_wtoi
RtlAcquirePebLock
ZwCreateMailslotFile
ZwSetSystemEnvironmentValue
ZwResumeThread
ZwOpenDirectoryObject
RtlQueryProcessBackTraceInformation
NtResetWriteWatch
Bhjtjka
Sjtmgys
Brbxomw
AddXtsnxmrg
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ