Static task: static1
Behavioral task: behavioral1
Sample: 4b14598eda216b84e60d46f2d8eb302a_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 4b14598eda216b84e60d46f2d8eb302a_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4b14598eda216b84e60d46f2d8eb302a_JaffaCakes118
Size: 538KB
MD5: 4b14598eda216b84e60d46f2d8eb302a
SHA1: 0a54d5b4ac94f2343bde8aaf881344b91ef825ff
SHA256: b594f8b04e0a4be16f989233ee7993d4ba4c1975be7e2c2c9c1932166fcaeb02
SHA512: 6b3d4e170fc1e47fc9a16e3d20b536ea0893edc105ce38d983eeef36274d215991a7c9146a8c19f1f49c610ad789610fb2e245d0a334daed363dadf48f84282f
SSDEEP: 12288:bK+5DBC9kVhj2Fix32bSiliEU+2DAJ/NwOPjr27U:lxvqKTil12DAJNL4U
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b14598eda216b84e60d46f2d8eb302a_JaffaCakes118
Files
4b14598eda216b84e60d46f2d8eb302a_JaffaCakes118.exe windows:4 windows x86 arch:x86
55f3759b3a25ac4c8c0dcf211567101e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetCommMask
lstrcmpiA
GetProfileStringA
IsValidLocale
SetProcessWorkingSetSize
VirtualQuery
LoadLibraryExA
SetConsoleMode
SetSystemTime
ExitThread
GetConsoleMode
CompareStringA
MultiByteToWideChar
GetSystemDefaultLangID
GetFullPathNameA
PulseEvent
GetOverlappedResult
GetStartupInfoA
GenerateConsoleCtrlEvent
LocalFileTimeToFileTime
DuplicateHandle
lstrcpynA
LeaveCriticalSection
ExpandEnvironmentStringsW
CreateDirectoryExA
EnumSystemCodePagesA
GetShortPathNameA
PrepareTape
AreFileApisANSI
GetCommState
GlobalAddAtomA
_lopen
ClearCommBreak
GetWindowsDirectoryA
DeleteCriticalSection
GetSystemDirectoryW
FindResourceExA
_lclose
GetOEMCP
GetLargestConsoleWindowSize
UnhandledExceptionFilter
IsDBCSLeadByteEx
SystemTimeToFileTime
CompareStringW
GetTickCount
ExitProcess
version
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
advapi32
LockServiceDatabase
RegCloseKey
GetSidIdentifierAuthority
LookupAccountNameW
GetAce
GetSidSubAuthority
SetSecurityDescriptorSacl
RegQueryValueA
GetServiceDisplayNameA
GetFileSecurityA
CryptSetHashParam
AccessCheckAndAuditAlarmW
OpenThreadToken
QueryServiceStatus
ObjectCloseAuditAlarmA
gdi32
GetEnhMetaFileDescriptionA
ExtSelectClipRgn
Ellipse
GetClipRgn
GetWindowExtEx
GetTextAlign
AddFontResourceW
ExtCreatePen
user32
DragDetect
CreateCaret
CharLowerW
UnhookWindowsHook
TrackMouseEvent
oleaut32
VariantChangeType
SysFreeString
ws2_32
WSAAddressToStringW
getsockname
WSASetLastError
WSAGetQOSByName
Sections
.text Size: 4KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 252KB - Virtual size: 251KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ