Static task: static1
Behavioral task: behavioral1
Sample: 49131031883ef8af98d3c7b0ebd15299_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 49131031883ef8af98d3c7b0ebd15299_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 49131031883ef8af98d3c7b0ebd15299_JaffaCakes118
Size: 7KB
MD5: 49131031883ef8af98d3c7b0ebd15299
SHA1: 93b2c780e3084d5bb40abdf244a8bc13ca513567
SHA256: 890b2460cc3bf0718855f82a72d8ee2c1b0d25b86b9a8b061da8e74054445775
SHA512: 6f989ee937bf7c4e1fdc30abea1d0e51d318e145febfaff1954198695298a068a091a31c6e79cc5e160f60d5a3c023cc5549801d363f43b547b724ebc5e3b1f8
SSDEEP: 96:wleTvRp+HHLG18RfzNyM3nEC5E4KSja3dLNDVltkfC13dPHo2LEIO16r/vcOme:95SHqyNyGnVvKSWRptkqfPMIO1+/v8e
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 49131031883ef8af98d3c7b0ebd15299_JaffaCakes118
Files
49131031883ef8af98d3c7b0ebd15299_JaffaCakes118.exe windows:4 windows x86 arch:x86
534b64c7ff2011bb9e35599f2b766adf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleFileNameW
WideCharToMultiByte
lstrcpyA
lstrcatA
CreateEventA
WaitForSingleObject
HeapAlloc
HeapFree
ReadFile
CloseHandle
GetModuleHandleA
SetEvent
CreateThread
GetProcAddress
ExitThread
CompareStringA
Process32First
CreateToolhelp32Snapshot
RtlUnwind
InterlockedExchange
VirtualQuery
GetProcessHeap
ExitProcess
PulseEvent
user32
PeekMessageA
DispatchMessageA
TranslateMessage
CreateWindowExA
DestroyWindow
ShowWindow
GetParent
GetDesktopWindow
MsgWaitForMultipleObjects
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE