d:\build\ob\bora-366101\mojo\vdi\build\framework\bin\ia32\release\wsnm.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: 5c50582c4963b650834172809de8786a_JaffaCakes118.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 5c50582c4963b650834172809de8786a_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 5c50582c4963b650834172809de8786a_JaffaCakes118
- Size: 482KB
- MD5: 5c50582c4963b650834172809de8786a
- SHA1: 20b72df24347527256d7106f2a0daf84a5e3372d
- SHA256: 871c5ff908b817f722d4a1f8685bd32bc9c4c56b70adb3e92dcc6209a07c8045
- SHA512: bc39658e3aa7103cd94274d6e94b75bba07054d74e185342f7c6b223ca47bca17598de5d0ebb8137f3b0db5d4a4312ee2836946baeff0211b54e8a00e7bf6e77
- SSDEEP: 3072:bKzDPfhDgvm7bILsUIje5IjFPU9/TJROvqc0Nd7:MrqUbJdjrBPCZT7
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 5c50582c4963b650834172809de8786a_JaffaCakes118
Files
- 5c50582c4963b650834172809de8786a_JaffaCakes118.exe windows:5 windows x86 arch:x86
  f86a12d083b533ea09cddfe6bedf94ab
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
messageframework
??0corecritsec@CORE@@QAE@PBD@Z
??1corecritsec@CORE@@UAE@XZ
?AddRef@coreref@CORE@@UAEJXZ
?Release@coreref@CORE@@UAEJXZ
?Shutdown@MessageFrameWork@CORE@@SAXXZ
?System@MessageFrameWork@CORE@@SAPAV12@XZ
?EnumPlugins@MessageFrameWork@CORE@@SAXPAXP6A_N0V?$corestring@_W@2@PAUHINSTANCE__@@@Z@Z
?Pause@MessageFrameWork@CORE@@SAXXZ
?Continue@MessageFrameWork@CORE@@SAXXZ
??4?$corestring@_W@CORE@@QAEAAV01@PB_W@Z
??0coresynctimer@@QAE@XZ
??1coresynctimer@@UAE@XZ
??6?$corestring@_W@CORE@@QAEAAV01@I@Z
?corelogExternal@CORE@@3P6AXPB_WW4logLevel@corelogger@1@0PAD@ZA
?substr@?$corestring@_W@CORE@@QBE?AV12@II@Z
?toLower@?$corestring@_W@CORE@@QAEAAV12@XZ
??8?$corestring@_W@CORE@@QBE_NPB_W@Z
?_setsize@?$corestring@_W@CORE@@AAEXI_N@Z
?_wstr@?$corestring@_W@CORE@@QBE?AV12@I@Z
?msgbox@coremsgbox@CORE@@SAHPB_WZZ
?corerunnable_beginthreadex@CORE@@3P6AIPAXIP6GI0@Z0IPAI@ZA
?corerunnable_traceThreads@CORE@@3_NA
?_setdata@?$corestring@D@CORE@@AAEXPBDI@Z
?_tstr@?$corestring@D@CORE@@QBE?AV?$corestring@_W@2@I@Z
??1?$corestring@D@CORE@@QAE@XZ
??6?$corestring@_W@CORE@@QAEAAV01@ABV01@@Z
?p_upd@?$corestring@_W@CORE@@QAEPA_WXZ
??0coresync@CORE@@QAE@AAVcoresyncObject@1@@Z
??1coresync@CORE@@UAE@XZ
?_dataAttachTemp@?$corestring@_W@CORE@@AAEXABV12@@Z
??0?$corestring@_W@CORE@@QAE@XZ
?__SysMessage@CORE@@YAXW4SysMessageType@1@AAV?$corestring@_W@1@PB_WPAD22@Z
?sysmsgLogLoaded@CORE@@YAXPAUHINSTANCE__@@_N@Z
??4?$corestring@_W@CORE@@QAEAAV01@ABV01@@Z
?dropSuffix@?$corestring@_W@CORE@@SA?AV12@PB_W@Z
?lastPath@?$corestring@_W@CORE@@SA?AV12@PB_W@Z
?_setdata@?$corestring@_W@CORE@@AAEXPB_WI@Z
??H?$corestring@_W@CORE@@QBE?AV01@PB_W@Z
?threadwrapper_deconstructed@CORE@@3PAVcorethreadwrapper@1@A
??_7coreref@CORE@@6B@
mystrdup
?corerunnable_defaultThreadWrapper@CORE@@3PAVcorethreadwrapper@1@A
??1coreref@CORE@@UAE@XZ
myrealloc
mysize
mycalloc
myfree
mymalloc
?SysInstallEvents@CORE@@YAXXZ
??6?$corestring@_W@CORE@@QAEAAV01@PB_W@Z
?splitMap@?$corestring@_W@CORE@@QAE?AV?$corestrmap@_W@2@_W0_N@Z
exit_hcheapEXE
?SetShutdownCallback@MessageFrameWork@CORE@@SAXP6A_NPAVMessageChannel@2@@Z@Z
?toInt@?$corestring@_W@CORE@@QBEH_N@Z
?Start@MessageFrameWork@CORE@@SAPAV12@HP6AXW4ChannelType@12@W4ChannelEvent@12@PAVMessageChannel@2@@ZHHH@Z
?Ready@MessageFrameWork@CORE@@SA_NXZ
?globalName@coreosver@CORE@@QAE?AV?$corestring@_W@2@PB_W@Z
??0coreany@CORE@@QAE@H@Z
?attr@coreany@CORE@@QAEPAU_SECURITY_ATTRIBUTES@@XZ
?SendMsg@MessageHandler@CORE@@QAE?AW4respType@12@PB_W0AAVPropertyBag@2@1P6AXPAXAAV?$corestring@_W@2@1PAVMsgBinary@2@@Z2PAVMessageChannel@2@K24_N4PAV52@7@Z
?Stop@MessageFrameWork@CORE@@SAXXZ
?InstallUnhandledExceptionFilter@CORE@@YAXXZ
?InstallStructuredExceptionHandlingFilter@CORE@@YAXXZ
??0InstRole@CORE@@QAE@XZ
?GetType@InstRole@CORE@@QAEKXZ
??1InstRole@CORE@@UAE@XZ
??0coreosver@CORE@@QAE@XZ
?level@coreosver@CORE@@QAE?AW4ntLevel@12@XZ
?formatError@?$corestring@_W@CORE@@SA?AV12@K@Z
?ChannelAddRef@MessageFrameWork@CORE@@QAEXPAVMessageChannel@2@@Z
?notifyPlugins@MessageFrameWork@CORE@@SAXW4ChannelType@12@W4ChannelEvent@12@PAVMessageChannel@2@@Z
?ChannelRelease@MessageFrameWork@CORE@@QAEXPAVMessageChannel@2@@Z
??0PropertyBag@CORE@@QAE@XZ
?setInt@PropertyBag@CORE@@QAEXPB_WH@Z
?ChannelClientSessionId@MessageFrameWork@CORE@@QAEHPAVMessageChannel@2@@Z
?BroadcastMsg@MessageHandler@CORE@@QAEXPB_W0AAVPropertyBag@2@PAVMessageChannel@2@0_N@Z
??1PropertyBag@CORE@@UAE@XZ
??0?$corestring@_W@CORE@@QAE@ABV01@@Z
??0?$corestring@_W@CORE@@QAE@PB_WI@Z
?_tstr@?$corestring@_W@CORE@@QBE?AV12@I@Z
?p@?$corestring@_W@CORE@@QBEPB_WXZ
?getModuleName@?$corestring@_W@CORE@@SA?AV12@PAUHINSTANCE__@@@Z
??B?$corestring@_W@CORE@@QBEPB_WXZ
??1?$corestring@_W@CORE@@QAE@XZ
kernel32
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
HeapDestroy
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
InitializeCriticalSection
FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleFileNameA
GetStdHandle
WriteFile
InterlockedDecrement
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
MultiByteToWideChar
GetModuleHandleW
GetTickCount
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
CompareStringW
SetEvent
CloseHandle
GetCurrentProcess
Sleep
GetCurrentThread
SetPriorityClass
GetVersionExW
ResetEvent
WaitForSingleObject
CreateEventW
SetProcessShutdownParameters
SetConsoleCtrlHandler
InterlockedCompareExchange
GetCurrentThreadId
OpenEventW
SetThreadPriority
ResumeThread
ExitProcess
WaitForMultipleObjects
user32
CreateWindowExW
DefWindowProcW
DispatchMessageW
GetMessageW
RegisterClassW
PostThreadMessageW
DestroyWindow
advapi32
CopySid
IsValidSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetServiceStatus
ChangeServiceConfigW
CreateServiceW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
GetLengthSid
ole32
CoUninitialize
CoInitializeSecurity
CoInitializeEx
Sections
.text Size: 64KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 364KB - Virtual size: 361KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ