Static task: static1
Behavioral task: behavioral1
Sample: 4a2bfdab8a67ecba979071fc5a1af6cb_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 4a2bfdab8a67ecba979071fc5a1af6cb_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4a2bfdab8a67ecba979071fc5a1af6cb_JaffaCakes118
Size: 347KB
MD5: 4a2bfdab8a67ecba979071fc5a1af6cb
SHA1: 9ae670c5f0c2e5045e4147601fe0e33f55de58c6
SHA256: 6a5b1d059e42be1b5f3f8cf2916971a2becd8e05b34b13f56fd1e0714886ae38
SHA512: 1aa4d0b4501f5fba89d2eb55a7e486a3bafd168d2278eb6cd2ab56210e55ceaa05f53378913e1ee46dd724ea2d8f9b7ce821e5e956a76fd623f41dfb9e0d8217
SSDEEP: 6144:9zA0J+2eqL/cq/BavbN1PAL3U8JIAfQdz1EmD0fUOXbCoEu1cTu0m:9hJ/hcqov8LE8i2sz1dDoB2oEUcy0m
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4a2bfdab8a67ecba979071fc5a1af6cb_JaffaCakes118
Files
4a2bfdab8a67ecba979071fc5a1af6cb_JaffaCakes118.exe windows:4 windows x86 arch:x86
8c500a638a920796c4948f79da8942e4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WritePrivateProfileSectionA
CreateDirectoryW
LocalLock
lstrcatW
CreateDirectoryA
WriteProcessMemory
GetUserDefaultLangID
GetTimeZoneInformation
WaitNamedPipeA
QueryDosDeviceA
GetLogicalDriveStringsA
CompareStringW
FreeEnvironmentStringsA
lstrcmpiA
GetTapeStatus
SwitchToFiber
IsValidLocale
CreateWaitableTimerA
SizeofResource
GetSystemDefaultLangID
CreateMutexA
SetThreadAffinityMask
GetFileInformationByHandle
GetProfileIntA
GetDiskFreeSpaceW
SetEvent
GlobalGetAtomNameW
GetModuleFileNameW
SetProcessAffinityMask
ExitProcess
user32
CreateMenu
EnumClipboardFormats
SetWindowTextW
HiliteMenuItem
LoadCursorW
SetDlgItemTextA
VkKeyScanA
DialogBoxIndirectParamA
TabbedTextOutA
ExitWindowsEx
gdi32
GetTextExtentPoint32A
MoveToEx
GetEnhMetaFileDescriptionA
StartPage
CreateDIBPatternBrush
WidenPath
RealizePalette
PtVisible
comdlg32
ChooseFontA
PrintDlgA
advapi32
LookupAccountSidW
IsValidAcl
GetSidSubAuthority
GetAclInformation
SetKernelObjectSecurity
RegDeleteKeyA
CryptAcquireContextW
RegQueryValueExA
RevertToSelf
CryptDestroyHash
LookupPrivilegeDisplayNameA
LookupAccountSidA
shell32
SHGetSpecialFolderPathW
ole32
OleGetIconOfClass
CoGetObject
CLSIDFromString
IIDFromString
oleaut32
SafeArrayGetLBound
SafeArrayGetElement
VariantChangeType
SafeArrayCreate
SafeArrayRedim
LoadTypeLi
SafeArrayUnaccessData
VariantCopy
SysFreeString
LoadTypeLibEx
comctl32
PropertySheetA
CreatePropertySheetPageW
ImageList_Create
ImageList_LoadImageA
shlwapi
StrRetToBufW
StrCpyNW
PathIsRootW
PathRemoveBackslashW
StrDupW
StrCmpW
msvcrt
_read
strcspn
_wsetlocale
ferror
difftime
_ismbblead
isprint
wcscpy
strftime
isxdigit
_wchmod
wcscmp
fgetws
isspace
_dup2
strchr
_chdir
_wcsicmp
_fsopen
getenv
gmtime
qsort
_getmbcp
_wcsdup
fputc
_umask
_mbsrchr
_putenv
ungetc
_filelength
_wsystem
atol
strncat
fgetwc
swscanf
wscanf
bsearch
fopen
isalnum
Sections
.text Size: 4KB - Virtual size: 227KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE