Static task: static1
Behavioral task: behavioral1
Sample: 3b623a981ae398b5d77eda91ac1c375a_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 3b623a981ae398b5d77eda91ac1c375a_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3b623a981ae398b5d77eda91ac1c375a_JaffaCakes118
Size: 338KB
MD5: 3b623a981ae398b5d77eda91ac1c375a
SHA1: 81d4f0e0d53e43464611b30102210161105d8323
SHA256: 1b56e07884c190c1ee815e84a6e527cb2b93e3f8790bbcd1c2ef7d4aacb64382
SHA512: 68f425214a4bded25c32575b21e6cba38affb3e09530bc76fab9bd4c6d0333385672cb5933064e9b403d99e2ea2c8ae8fc86cae79b7b593cc8d47f42ebc3b7a0
SSDEEP: 6144:tmBOVaoRt9H0d5GdPaN0HYZI9P3ldq5Vi5ar3TUb4xS07kdtP:traoRH0d58POMYgvlcVwijFYd
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 3b623a981ae398b5d77eda91ac1c375a_JaffaCakes118
Files
3b623a981ae398b5d77eda91ac1c375a_JaffaCakes118.exe windows:5 windows x86 arch:x86
7b0b2b9ec7791a099cf4f93b109ccded
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
odbc32
SQLSpecialColumnsW
SQLColAttributeW
SQLSetCursorNameA
SQLCopyDesc
SQLTablesA
SQLCloseCursor
SQLGetDescFieldW
SQLSetDescField
SQLDescribeColA
SQLNumParams
SQLCancel
SQLGetDiagFieldW
SQLDriverConnectW
SQLNumResultCols
ODBCGetTryWaitValue
SQLSetStmtOption
SQLConnectW
SQLGetCursorNameA
SQLGetEnvAttr
SQLSetPos
SQLGetConnectOptionA
SQLPrimaryKeysW
SQLColumnPrivilegesW
SQLSetCursorNameW
samlib
SamConnectWithCreds
SamQueryInformationUser
SamQueryInformationGroup
SamTestPrivateFunctionsUser
SamRemoveMemberFromAlias
SamiSetDSRMPasswordOWF
SamLookupNamesInDomain
SamiSetDSRMPassword
SamChangePasswordUser3
SamOpenDomain
SamQueryInformationAlias
SamConnect
SamiChangePasswordUser2
SamEnumerateGroupsInDomain
SamRemoveMemberFromGroup
SamCreateAliasInDomain
wininet
FtpCommandW
InternetGetCookieExA
InternetOpenUrlA
UnlockUrlCacheEntryStream
InternetSetOptionExW
SetUrlCacheEntryInfoA
GopherGetLocatorTypeW
InternetQueryOptionA
FtpGetFileSize
InternetGoOnlineW
InternetGetLastResponseInfoW
CreateUrlCacheGroup
InternetAutodialHangup
SetUrlCacheEntryGroupW
GetUrlCacheGroupAttributeA
InternetReadFileExA
GopherOpenFileW
ForceNexusLookup
InternetReadFile
ShowClientAuthCerts
InternetCreateUrlW
userenv
GetGPOListA
GetProfilesDirectoryW
ProcessGroupPolicyCompletedEx
GetAppliedGPOListA
RefreshPolicy
ExpandEnvironmentStringsForUserW
RsopAccessCheckByType
DestroyEnvironmentBlock
FreeGPOListW
UnregisterGPNotification
RefreshPolicyEx
GetProfileType
GetNextFgPolicyRefreshInfo
GetDefaultUserProfileDirectoryW
UnloadUserProfile
RsopResetPolicySettingStatus
FreeGPOListA
GetDefaultUserProfileDirectoryA
ProcessGroupPolicyCompleted
EnterCriticalPolicySection
kernel32
GetFileInformationByHandle
GetFileAttributesW
GlobalGetAtomNameA
LoadLibraryA
CreateMutexW
lstrcatW
GetCurrentActCtx
GetProcessHeaps
PrepareTape
VirtualAlloc
QueryPerformanceCounter
CreateNamedPipeW
GlobalDeleteAtom
EnumSystemLocalesA
CreateFileMappingA
GetSystemDefaultLangID
CreateMailslotA
GlobalFlags
GetCurrentThread
GetEnvironmentStringsA
GlobalWire
GetStartupInfoA
wldap32
ldap_compare_sA
ldap_unbind_s
ldap_sasl_bind_sW
ldap_create_vlv_controlA
ldap_add_sA
ldap_modrdn2
ldap_search_s
ldap_next_attribute
ber_bvfree
ldap_extended_operation
ldap_compare_ext
ldap_parse_page_controlA
ldap_encode_sort_controlA
ldap_ufn2dnA
ber_free
Sections
.text Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 213KB - Virtual size: 212KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ