Static task: static1
Behavioral task: behavioral1
Sample: 4a68047fd1a393f78c1cda639dec08e6_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 4a68047fd1a393f78c1cda639dec08e6_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4a68047fd1a393f78c1cda639dec08e6_JaffaCakes118
Size: 113KB
MD5: 4a68047fd1a393f78c1cda639dec08e6
SHA1: 76afebf7d6597c76ecf0b6aafc42e2bc792dd332
SHA256: 3161fe5dc50cbcdd61da368369040a03a193df8dca0488cab969162cea63acad
SHA512: f28783ddc062e359adf3995f1336d1e95923c39b5d5983ea906521b86517b815db0b8cd96a71c1a7fa460b77b33a5b2fe015307a8f176c1aac9d88b3ce657c87
SSDEEP: 3072:xyDZhSswytvt3VinlG5kkTD5wH+1/CZ+WWlEjn:+nxV4oCZ+w
Malware Config
Signatures
Files
4a68047fd1a393f78c1cda639dec08e6_JaffaCakes118.exe windows:4 windows x86 arch:x86
bcc571c4fa116be1d52642c2cb9bb23f
Code Sign
Certificate
Serial: 01
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Certificate
Serial: 0a
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 40:2e:64
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 08/11/2005, 07:58
Not After: 08/11/2007, 07:58
Subject: CN=Haru Communication,OU=Software Development Department,O=Haru Communication,L=Goyang-Si,ST=GYEONGGI-DO,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Certificate
Serial: 0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 04/12/2003, 00:00
Not After: 03/12/2008, 23:59
Subject: CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
DeleteUrlCacheEntry
urlmon
URLDownloadToFileA
kernel32
CompareStringA
SetEndOfFile
SetStdHandle
DeleteFileA
GetTempFileNameA
GetTempPathA
GetWindowsDirectoryA
TerminateProcess
GetExitCodeProcess
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryExA
MultiByteToWideChar
InterlockedDecrement
GetFullPathNameA
lstrlenA
GetFileAttributesA
lstrcmpiA
CompareStringW
WriteFile
CreateFileA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
LoadLibraryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetSystemDirectoryA
Sleep
GetLastError
CreateMutexA
GetShortPathNameA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFilePointer
ReadFile
GetFileType
SetEnvironmentVariableA
GetCPInfo
GetACP
GetOEMCP
HeapSize
CloseHandle
FlushFileBuffers
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
HeapCreate
HeapDestroy
GetCurrentProcess
RaiseException
ExitProcess
GetVersion
GetCommandLineA
WideCharToMultiByte
LocalFree
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
GetModuleHandleA
GetStartupInfoA
user32
FindWindowA
wsprintfA
GetWindowThreadProcessId
DialogBoxParamA
EnumWindows
SetWindowTextA
SendMessageA
EndDialog
GetDlgItem
advapi32
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
shell32
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ole32
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
CoUninitialize
oleaut32
SysFreeString
VariantClear
SysAllocString
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ