Static task
static1
Behavioral task
behavioral1
Sample
注册安全工程师/fb.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
注册安全工程师/fb.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
注册安全工程师/我的考题.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
注册安全工程师/我的考题.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
注册安全工程师/更新辅助.exe
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
注册安全工程师/更新辅助.exe
Resource
win10v2004-20240709-en
General
-
Target
3f8e8a800d8f3c9b9c2f78951ab55df5_JaffaCakes118
-
Size
7.8MB
-
MD5
3f8e8a800d8f3c9b9c2f78951ab55df5
-
SHA1
8493837f85c3e9c5044f54acd183ea843f0d687a
-
SHA256
904c825426fcb95b2974512c937032696ce96cd89fa713c7ac24227be53f15e4
-
SHA512
a697a00b76ef8e246455b53a56a3fd3fd7a4989657efcb91e1fe2f978ef51fe32fa4283cd242fca722c80f0ca8a6267c81cb7d86d492884a66fe87982e821d57
-
SSDEEP
196608:YFB7HqERReR+UIfRVGnmQeO1E2T9QHWqnw0pIh:sUEHe4UcGm9XWyppQ
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/注册安全工程师/我的考题.exe unpack001/注册安全工程师/更新辅助.exe
Files
-
3f8e8a800d8f3c9b9c2f78951ab55df5_JaffaCakes118.rar
-
注册安全工程师/fb.dll
-
注册安全工程师/gr.accdb
-
注册安全工程师/我的考题.exe.exe windows:5 windows x86 arch:x86
4710e694cbc904bbde58b1960e1a3f6b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
GetCurrentProcessId
OpenFileMappingW
GetLastError
MapViewOfFile
CloseHandle
CreateFileW
CreateFileMappingW
UnmapViewOfFile
GetFileInformationByHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetFileSizeEx
GetProcAddress
LoadLibraryW
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xcpad Size: - Virtual size: 1.6MB
.idata Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
注册安全工程师/无法使用看这里.txt
-
注册安全工程师/更新辅助.exe.exe windows:5 windows x86 arch:x86
4710e694cbc904bbde58b1960e1a3f6b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
GetCurrentProcessId
OpenFileMappingW
GetLastError
MapViewOfFile
CloseHandle
CreateFileW
CreateFileMappingW
UnmapViewOfFile
GetFileInformationByHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetFileSizeEx
GetProcAddress
LoadLibraryW
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xcpad Size: - Virtual size: 216KB
.idata Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 161KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ