Static task
static1
Behavioral task
behavioral1
Sample
36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118
Size
187KB
MD5
36644e0e2f9978ca12f1ac5e713d2889
SHA1
29d2b9d97ce41bb68df1121cd54a2170fc2c782a
SHA256
0a9be1d4052365bb249cd68e98dae1207885ea1db731248adc26ee551cbaa488
SHA512
2f00d8c046cf607b581624c944362c09e55f1fe4b4ca1683cdc6da6febb1617434c6a2c373009a43b91a4d6174d10462817f3d8630e72e12f20aea5dee6415cf
SSDEEP
3072:JXKgEUQ000kvZk3mT+Q3snJ/wDTPfPMoph9cI1kKy0Otgvjo4Tk0lU2GXxE9g337:5KgY0M4mTn3sJw33hF1Po4HlMxE9gHQ4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118
Files
36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118.exe windows:4 windows x86 arch:x86
b0c41ac90a4bb9ff870643f61482dfed
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentDirectoryW
GlobalLock
GlobalAlloc
CreateToolhelp32Snapshot
GlobalReAlloc
GlobalSize
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
LocalAlloc
LocalFree
CreateFileA
lstrcmpA
GetFileAttributesA
GetProcAddress
GetModuleFileNameA
GetTempPathA
DeleteFileA
CloseHandle
GetCurrentDirectoryA
GetLocalTime
FindClose
FindNextFileA
FindFirstFileA
EnumResourceLanguagesA
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
GlobalHandle
IsDBCSLeadByte
GetModuleHandleA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GlobalFree
GlobalUnlock
GetCurrentThread
lstrlenA
MulDiv
MultiByteToWideChar
FreeLibrary
RaiseException
LoadLibraryA
FormatMessageA
GetSystemDirectoryW
LoadLibraryExW
GetTickCount
GetLocaleInfoA
GetCPInfo
SetErrorMode
GetSystemDefaultLangID
GetVersion
lstrcmpiA
GetACP
user32
SetWindowLongA
DefWindowProcA
DestroyWindow
GetScrollPos
SetScrollRange
GetWindowLongA
GetParent
BringWindowToTop
GetScrollRange
UpdateWindow
ScrollWindow
SetScrollPos
GetClientRect
IntersectRect
OffsetRect
ShowCursor
MessageBeep
GetCapture
GetCursorPos
WindowFromPoint
SetCursor
SendMessageA
GetClassInfoExA
comctl32
PropertySheetA
comdlg32
GetOpenFileNameA
ChooseFontA
GetSaveFileNameA
CommDlgExtendedError
advapi32
RegQueryValueExW
RegEnumValueA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
ole32
OleUninitialize
BindMoniker
CoCreateInstance
OleInitialize
CoGetMalloc
StringFromGUID2
shlwapi
wnsprintfA
oleaut32
DispGetIDsOfNames
DispGetIDsOfNames
VarUI4FromDec
SetErrorInfo
Sections
.text Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ