Static task
static1
Behavioral task
behavioral1
Sample
5c7572e875552e8166eb15c57e9a3219_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5c7572e875552e8166eb15c57e9a3219_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
5c7572e875552e8166eb15c57e9a3219_JaffaCakes118
Size
5.7MB
MD5
5c7572e875552e8166eb15c57e9a3219
SHA1
ee56fc5d6de941cb94173939654940682eb8641e
SHA256
23bdd320a43c72ff48777b3f898bf8e6414c142a31547d2be519389d1a30340a
SHA512
f9ac16bd193e1d72632b65898bcd6c616c7b16f52047bb58464bce31b6ca3f0bae3d65e49e1a2caae53b24e6788002054bdd91be53114cf97c20b155098322d5
SSDEEP
98304:P+dXW2cIdjbAblh9lo0lrelN5GNEpMPaWsP6p7kicLuR3M8w4qQDybk/bJYT7HcP:PWljClblo08AEyzo6Aa3MZe7DJ8cP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5c7572e875552e8166eb15c57e9a3219_JaffaCakes118
Files
5c7572e875552e8166eb15c57e9a3219_JaffaCakes118.exe windows:4 windows x86 arch:x86
f6c61b3710c8b0c72d61855180c31878
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comdlg32
GetFileTitleA
CommDlgExtendedError
user32
OemToCharBuffA
GetQueueStatus
GetWindowThreadProcessId
IsCharAlphaNumericW
ClientToScreen
SetWindowWord
OpenClipboard
ScrollDC
SetWindowPlacement
OemToCharBuffW
GetMessageA
AppendMenuA
VkKeyScanW
CharLowerBuffW
GetMenuStringW
InvalidateRgn
DrawFocusRect
GetDlgItemTextW
MessageBoxIndirectW
GetDC
RedrawWindow
GetWindowLongW
SendMessageCallbackW
DestroyWindow
SetUserObjectInformationW
CreateCursor
SetProcessDefaultLayout
version
VerFindFileA
VerInstallFileA
GetFileVersionInfoA
kernel32
GetCommConfig
FindFirstFileW
GetPrivateProfileSectionW
FileTimeToLocalFileTime
GetStartupInfoA
SetSystemTime
CloseHandle
GetPrivateProfileStringA
GetLargestConsoleWindowSize
FindCloseChangeNotification
SetConsoleActiveScreenBuffer
SetConsoleMode
ExitProcess
GetLongPathNameA
comctl32
ImageList_DrawIndirect
msvcrt
_wspawnvp
fseek
_mbsnicmp
_spawnvp
putc
_dup
fputs
_wsetlocale
memchr
setlocale
_getmbcp
_strlwr
fopen
Sections
.text Size: 2KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ