Static task: static1
Behavioral task: behavioral1
Sample: 482932063e35962a010c75ff3cb8a39c_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 482932063e35962a010c75ff3cb8a39c_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 482932063e35962a010c75ff3cb8a39c_JaffaCakes118
Size: 143KB
MD5: 482932063e35962a010c75ff3cb8a39c
SHA1: c27664ed3e5d5e9e112d7e7794d584c0ac306fdd
SHA256: 0f688bf504f22fd91fa9582ee77a02ce4042634b4ba5ea39390fd48b38f8d8ba
SHA512: f715227f3426c7c2bf25907941cc144c33f8f0f7afcdeb5d569242703d193c69c7095b63307186935f454a64d58b8c3739b9d3f53700726e290de8b77b3bdb40
SSDEEP: 3072:Bvf/SToR6XFX5lk5VsY3/6NvVLDtE9cIV:ZfKTxh58VsYv+NntErV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 482932063e35962a010c75ff3cb8a39c_JaffaCakes118
Files
482932063e35962a010c75ff3cb8a39c_JaffaCakes118.exe windows:5 windows x86 arch:x86
3709f4e67da84c824f5a84036b744c79
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ntdll: ZwUnmapViewOfSection, NtQueryInformationProcess, ZwCreateThread, memcpy, memset, RtlUnwind
kernel32: SizeofResource, WriteProcessMemory, GetModuleFileNameA, LockResource, VirtualAllocEx, FindResourceA, SetThreadContext, LoadResource, GetCurrentThread, VirtualFree, VirtualAlloc, ReadProcessMemory, CreateProcessA
Sections
.text - Size: 1KB - Virtual size: 1KB - Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 1024B - Virtual size: 606B - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc - Size: 139KB - Virtual size: 139KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ