Static task: static1
Behavioral task: behavioral1
Sample: 3aa14040f7bc64a535082105bd87b621_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3aa14040f7bc64a535082105bd87b621_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3aa14040f7bc64a535082105bd87b621_JaffaCakes118
Size: 264KB
MD5: 3aa14040f7bc64a535082105bd87b621
SHA1: d694e944076ed65e109df6fcab52c9e57920bcc3
SHA256: 7c3c5dc14117b6cc92ae7311295643b0783d358d57b7167fac7af1af0a33ad98
SHA512: 63a4aa65586d5ab2c44bbecb35b109e1d58b22f91568edf4fb7d4cecdb488219c6ce47d30c55351535cd12a280915ddf068a41970981933860a7145861950e87
SSDEEP: 3072:a3QvREuSW45F3lXjMYS0wuiLFButhqaqhUI5Gd4lbIPRQGiO3+Q/mBb4Nel0I:HvRgtFXAR0riLUgLzsd7Q8OQ/mV4
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 3aa14040f7bc64a535082105bd87b621_JaffaCakes118
Files
3aa14040f7bc64a535082105bd87b621_JaffaCakes118.exe windows:4 windows x86 arch:x86
0fcb4c1e82c3908d5fd0b5251d61b6b8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
ntohl
ntohs
select
shutdown
recv
closesocket
inet_addr
connect
socket
htons
WSAGetLastError
gethostbyname
WSACleanup
WSAStartup
send
kernel32
VirtualQueryEx
GetSystemTime
GetDiskFreeSpaceExA
GetCurrentThreadId
GetSystemInfo
GlobalMemoryStatus
FindCloseChangeNotification
GetSystemDirectoryW
GetVersionExA
VirtualFree
DuplicateHandle
FreeLibrary
CreateThread
SetThreadPriority
LoadResource
FindResourceA
SizeofResource
GetVolumeInformationA
GetDriveTypeA
GetWindowsDirectoryW
GetCurrentProcess
GetFileSize
HeapSize
ReadFile
GetFileType
GetStdHandle
GetStartupInfoA
GetVersion
GetCommandLineA
SetHandleCount
ExitProcess
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
MultiByteToWideChar
VirtualProtectEx
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
WriteProcessMemory
VirtualAllocEx
SetEndOfFile
GetOEMCP
GetTempPathA
GetTempFileNameA
VirtualFreeEx
CreateRemoteThread
GetExitCodeThread
TerminateThread
GetCurrentProcessId
GetTickCount
Sleep
GetModuleFileNameA
SetErrorMode
DeviceIoControl
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
WriteFile
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
OpenProcess
CreateFileW
TerminateProcess
UnmapViewOfFile
ResumeThread
GetModuleHandleA
ReadProcessMemory
LockResource
LoadLibraryA
GetLastError
GetProcAddress
GetACP
RtlUnwind
FreeConsole
CreateProcessA
CreateEventA
WaitForSingleObject
SetEvent
GetSystemDirectoryA
CreateFileA
CreateFileMappingA
CloseHandle
MapViewOfFile
SetStdHandle
LCMapStringA
LCMapStringW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
user32
GetUserObjectSecurity
EnumWindowStationsA
CloseWindowStation
CloseDesktop
UnregisterClassA
SetUserObjectSecurity
EnumDesktopsA
ReleaseDC
GetDC
CreateWindowExA
RegisterClassA
SetThreadDesktop
DestroyWindow
SetForegroundWindow
ExitWindowsEx
GetDesktopWindow
GetUserObjectInformationA
SetFocus
DefWindowProcA
ShowWindow
GetWindowRect
ShowCursor
GetProcessWindowStation
DrawTextA
FillRect
SetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
OpenDesktopA
gdi32
GetStockObject
DeleteObject
SelectObject
SetBkColor
CreateSolidBrush
SetTextColor
GdiFlush
BitBlt
CreateFontIndirectA
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
comdlg32
GetFileTitleA
advapi32
LsaOpenPolicy
LsaEnumerateAccountRights
SetServiceStatus
RegisterServiceCtrlHandlerA
InitiateSystemShutdownA
RegOpenKeyA
ChangeServiceConfig2A
DeleteService
ControlService
StartServiceA
EnumServicesStatusA
QueryServiceConfigA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
CreateProcessAsUserA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
LookupPrivilegeValueA
AdjustTokenPrivileges
EqualSid
ImpersonateLoggedOnUser
OpenProcessToken
RevertToSelf
LookupAccountSidW
AllocateLocallyUniqueId
StartServiceCtrlDispatcherA
QueryServiceStatus
LsaClose
LsaFreeMemory
LookupPrivilegeValueW
LookupAccountNameW
GetTokenInformation
IsValidSid
GetSecurityDescriptorDacl
AddAccessAllowedAce
AllocateAndInitializeSid
LookupAccountSidA
FreeSid
OpenEventLogA
ClearEventLogA
CloseEventLog
RegSetValueExA
OpenServiceA
LookupAccountNameA
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
SetSecurityInfo
RegOpenKeyExA
RegCloseKey
ChangeServiceConfigA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
netapi32
NetUserAdd
NetUserGetGroups
NetLocalGroupAddMembers
NetUserGetLocalGroups
NetApiBufferFree
psapi
EnumProcessModules
GetModuleInformation
EnumProcesses
GetModuleFileNameExA
wininet
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
dnsapi
DnsRecordListFree
DnsQuery_A
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
secur32
LsaEnumerateLogonSessions
LsaGetLogonSessionData
Sections
.text Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ