Static task: static1
Behavioral task: behavioral1
  Sample: 3fe1653ecf45e66482d92af49205bd39_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 3fe1653ecf45e66482d92af49205bd39_JaffaCakes118.dll
  Resource: win10v2004-20240704-en
General
Target: 3fe1653ecf45e66482d92af49205bd39_JaffaCakes118
Size: 134KB
MD5: 3fe1653ecf45e66482d92af49205bd39
SHA1: 3faac33824085e285b8dfe16eda1f9f3ffd42c6b
SHA256: 052325de0f886e86613cb1a9909eff20f3609cf69648d7a1d15ce7331680b595
SHA512: d5f031033a8885df4a3a8717ed9aecd1f156e98146cd11c162b77689eba3c8c20b824f4ea9e6ab2a4f5c0f37307a0830c693a753099f19801388c2a1f7de8993
SSDEEP: 3072:zZaCkkATccoBifhJ1C+LYpXKPuBEhVJOnkhAAIuS4/Dj:FaCJrc3lLYp6GBEVJEkhIuS4/Dj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3fe1653ecf45e66482d92af49205bd39_JaffaCakes118
Files
3fe1653ecf45e66482d92af49205bd39_JaffaCakes118.dll windows:1 windows x86 arch:x86
62c8fc6c8f266f6596ef4b20f9b5e0f7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
ExFreePoolWithTag
SeCreateClientSecurityFromSubjectContext
KeTickCount
IoGetCurrentProcess
SeLockSubjectContext
RtlVerifyVersionInfo
RtlAnsiCharToUnicodeChar
MmMapLockedPagesSpecifyCache
ExAllocatePoolWithTag
KeRemoveDeviceQueue
CcGetFlushedValidData
wcsncpy
_except_handler3
ExQueueWorkItem
strncmp
ObReferenceObjectByHandle
strstr
KeQueryTimeIncrement
KeBugCheckEx
MmCreateMdl
ZwQuerySystemInformation
strncpy
ObfReferenceObject
FsRtlLegalAnsiCharacterArray
DbgPrint
Sections
.data Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 640B - Virtual size: 635B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 800B - Virtual size: 794B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE