Static task
static1
Behavioral task
behavioral1
Sample
370fc5cc3498dcd868588017e37f2f1a_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
370fc5cc3498dcd868588017e37f2f1a_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
370fc5cc3498dcd868588017e37f2f1a_JaffaCakes118
Size
78KB
MD5
370fc5cc3498dcd868588017e37f2f1a
SHA1
09047b4743c5ef35fe3a97f0c0a6ba28b9b9bd9a
SHA256
2403bafe97b8b26ed23b0fc7a8e1c9e69ee1bfd0be81f4a7351b303ded72d801
SHA512
b65876760290a9aa764b90a782bc9cbece3bbf8863abae7cbb596ffb2655a27a76e93b2a8aa3f7e1662176ca3b87781739aab1979e4b8d3887009ebf095705a8
SSDEEP
192:gZCbPqsbRfVx41hDJHVlU+KD1XZjpKvQlfk9VO7cdsJ5XT1SfN:fPz4PDJHE+wBZ1KvQOI3vj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 370fc5cc3498dcd868588017e37f2f1a_JaffaCakes118
Files
370fc5cc3498dcd868588017e37f2f1a_JaffaCakes118.exe windows:4 windows x86 arch:x86
fa1e890e191af080e29d4adf0148e2c6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempPathA
CopyFileA
WinExec
Sleep
WaitForMultipleObjects
OpenProcess
ExitProcess
GetCommandLineA
WaitForSingleObject
CloseHandle
CreateProcessA
GetStdHandle
ExpandEnvironmentStringsA
GlobalFree
WriteFile
CreateFileA
GlobalAlloc
DeleteFileA
FreeLibrary
FreeResource
GlobalUnlock
LockResource
LoadResource
SizeofResource
FindResourceA
LoadLibraryA
GetModuleHandleA
GetProcAddress
shlwapi
StrToIntA
shell32
ShellExecuteA
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 860B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ