Static task: static1
Behavioral task: behavioral1
Sample: 5d4d2aa473d77c11ec374b4cffbcaf37_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 5d4d2aa473d77c11ec374b4cffbcaf37_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5d4d2aa473d77c11ec374b4cffbcaf37_JaffaCakes118
Size: 90KB
MD5: 5d4d2aa473d77c11ec374b4cffbcaf37
SHA1: c6e60c3f922e815715ea985462fef1f1bfd6a37c
SHA256: 11d690d4b7a14756b99f2e01874827b4777f200a124d50c2dc7e53e9086b5712
SHA512: a9d83c6f61dcbfa8d5289b15bb3347270f592c2adef4b03a0d73a6785b3ab02bead92f7c4a923f497943b0f51043471c3e794f55d230f926be2c0e6c906129c1
SSDEEP: 1536:Iin9IMYNZIfF/IcShjTGWkkAgz5MRz3aHlHRs:Ii9IMYn0FIjgkA5Rz30lHRs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5d4d2aa473d77c11ec374b4cffbcaf37_JaffaCakes118
Files
5d4d2aa473d77c11ec374b4cffbcaf37_JaffaCakes118.exe windows:4 windows x86 arch:x86
63294e7ef885864ec9c616eaf3bd9fa4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedDecrement
GetCurrentThreadId
GetLastError
GetCurrentProcess
GetCurrentThread
DeleteFileA
lstrcmpiA
GetCommandLineA
lstrlenA
GetProcessHeap
InitializeCriticalSection
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
FreeResource
InterlockedIncrement
SizeofResource
LoadResource
FindResourceA
GetTickCount
GetStringTypeA
GetOEMCP
GetACP
SetFilePointer
LCMapStringW
HeapAlloc
OpenProcess
CloseHandle
FreeLibrary
lstrlenW
WideCharToMultiByte
CreateThread
TerminateProcess
Sleep
GetVersionExA
LoadLibraryA
GetProcAddress
LockResource
HeapFree
RaiseException
GetStringTypeW
SetStdHandle
FlushFileBuffers
LocalFree
GetModuleFileNameA
LCMapStringA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
advapi32
GetTokenInformation
StartServiceCtrlDispatcherA
ControlService
DeleteService
CreateServiceA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
CloseServiceHandle
atl
ole32
CoInitializeSecurity
CoInitialize
CoDisconnectObject
CoCreateInstance
CoUninitialize
oleaut32
user32
CharNextA
PostThreadMessageA
LoadStringA
GetMessageA
DispatchMessageA
wininet
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
winmm
timeKillEvent
timeSetEvent
ws2_32
Sections
SYNC Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE