Static task
static1
Behavioral task
behavioral1
Sample
720961a694ac518995fa8526f41aba30_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
720961a694ac518995fa8526f41aba30_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target: 720961a694ac518995fa8526f41aba30_JaffaCakes118
Size: 20KB
MD5: 720961a694ac518995fa8526f41aba30
SHA1: 8f5fbf5189664db5cb77f53573fa4e5defcddc22
SHA256: 961c4ff8ae468823dba8fdb639d366cca7fb97aee0ed71418b67ef0028efaaf0
SHA512: 47d3cd3c86b88cf3d796a115689d055083edf70440d46e456a88c31432c6054b7ebc72990573da29923e6eafb8faffd045f05d0f158f1ae1e1343947123e31fa
SSDEEP: 192:wcWQAUzsBvFIS7qUyw1PLsGXGkk4pK62:wgsLIS7tywlRKJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 720961a694ac518995fa8526f41aba30_JaffaCakes118
Files
720961a694ac518995fa8526f41aba30_JaffaCakes118.dll windows:4 windows x86 arch:x86
a423e9d6d0801fd36fe7a7cfade7c8a4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
wsock32
closesocket
gethostbyname
htons
socket
WSAStartup
connect
send
recv
WSACleanup
kernel32
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
lstrlenA
lstrcatA
lstrcpyA
CloseHandle
WriteFile
CreateFileA
Sleep
WinExec
lstrcmpiA
GetVersionExA
GetVolumeInformationA
DeleteFileA
GetFileSize
ReadFile
GetSystemDirectoryA
GetProcAddress
LoadLibraryExA
user32
wsprintfA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
Exports
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 942B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 697B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 330B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ