Static task: static1
Behavioral task: behavioral1
Sample: 77529409693994c20e4690c5430b725f_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 77529409693994c20e4690c5430b725f_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 77529409693994c20e4690c5430b725f_JaffaCakes118
Size: 866KB
MD5: 77529409693994c20e4690c5430b725f
SHA1: f2853acb3b63e0213417544c20a024c7f9cf9050
SHA256: d128f7ce0f4c272d4339d328f9d6696cd4d77fe1ceb88709c838c020d161d733
SHA512: 956928a2d5f17744752cda884d0231a884897b73df1889996cb5a6ac9de302b29d2f83dfb8fa0f2450b53dab6ac73b0a1f5d934f4e6d0fbd3602275279c4de49
SSDEEP: 24576:B0z7M3NnQfgLtb0XbJNkSNiC2q0D8PuCpuikNjpqIYh:hQoLN0rrkLq48P/5kN1qFh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 77529409693994c20e4690c5430b725f_JaffaCakes118
Files
77529409693994c20e4690c5430b725f_JaffaCakes118.exe windows:5 windows x86 arch:x86
bc3379b6d4a9c8a9ed9a690e5ea25b42
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt40
__p__winver
_mbsncmp
_strset
_locking
?clrlock@streambuf@@QAEXXZ
?unexpected@@YAXXZ
_mbsnbcmp
_adj_fdivr_m16i
??_Eifstream@@UAEPAXI@Z
strrchr
_yn
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
?setrwbuf@stdiobuf@@QAEHHH@Z
tanh
??1ostrstream@@UAE@XZ
??_Distream_withassign@@QAEXXZ
fread
longjmp
wcsspn
modf
asin
??_Eexception@@UAEPAXI@Z
iswctype
_atoldbl
?setf@ios@@QAEJJJ@Z
?sync@filebuf@@UAEHXZ
??_Gofstream@@UAEPAXI@Z
getenv
atoi
_mbsncoll
wcstol
fopen
??4exception@@QAEAAV0@ABV0@@Z
advapi32
BuildImpersonateTrusteeA
OpenBackupEventLogA
GetMultipleTrusteeW
GetSecurityDescriptorDacl
WmiDevInstToInstanceNameW
FileEncryptionStatusW
GetSecurityDescriptorLength
BuildImpersonateExplicitAccessWithNameW
GetExplicitEntriesFromAclW
AddAccessAllowedObjectAce
SaferiCompareTokenLevels
RegisterEventSourceW
SystemFunction020
LookupAccountSidA
CryptSignHashA
CryptContextAddRef
RegQueryMultipleValuesW
SetSecurityDescriptorGroup
ImpersonateAnonymousToken
WmiDevInstToInstanceNameA
DeleteAce
MakeSelfRelativeSD
OpenEventLogW
OpenServiceA
SystemFunction013
CredDeleteW
CredpDecodeCredential
CryptSetProvParam
LsaQueryTrustedDomainInfoByName
SystemFunction006
SystemFunction032
GetFileSecurityW
CreateProcessWithLogonW
CancelOverlappedAccess
ConvertAccessToSecurityDescriptorW
BuildTrusteeWithObjectsAndNameW
IsTokenRestricted
DuplicateEncryptionInfoFile
kernel32
GetCPInfo
lstrcmpi
BuildCommDCBW
CreatePipe
QueryMemoryResourceNotification
LoadLibraryA
AddVectoredExceptionHandler
FileTimeToSystemTime
GetSystemDirectoryW
CreateJobSet
EnterCriticalSection
FatalExit
EnumDateFormatsA
GlobalAddAtomA
BuildCommDCBA
SetCommConfig
InterlockedDecrement
GetModuleHandleW
LeaveCriticalSection
FindNextFileA
GetConsoleTitleA
SetConsoleFont
AddAtomA
SetThreadIdealProcessor
GetFileInformationByHandle
ReadConsoleOutputCharacterA
UnmapViewOfFile
TerminateThread
ReplaceFileW
DeleteCriticalSection
lstrcmp
FindResourceExA
Heap32First
VirtualAlloc
SetConsoleTextAttribute
PeekConsoleInputA
EnumResourceTypesW
ExitProcess
OpenSemaphoreW
sqlunirl
_SetMenuItemInfo_@16
_NDdeShareAdd_@20
_DeleteFile@4
_EnumWindowStations_@8
_RegisterClassEx_@4
_LookupPrivilegeValue_@12
_GetKerningPairs_@12
_OpenWaitableTimer_@12
_StartServiceCtrlDispatcher_@4
AllocConvertMultiSZNameToAEx
_SetComputerName_@4
_CopyFile_@12
_IsCharAlpha_@4
_GetPrivateProfileInt_@16
_GetWindowsDirectory_@8
_OpenEvent_@12
_SendDlgItemMessage@20
_ChooseFont_@4
_CreateWaitableTimer_@12
newWideCharFromMultiByte
_CommDlg_OpenSave_GetFolderPath@12
_GetProfileString_@20
newMultiByteFromWideChar
_RegEnumKeyEx_@32
_wvsprintf_@12
_GetModuleHandle_@4
_CreateMailslot_@16
_FindResourceEx_@16
_FindResource@12
ole32
HICON_UserFree
IsAccelerator
WdtpInterfacePointer_UserMarshal
CoCreateObjectInContext
CreateStdProgressIndicator
RevokeDragDrop
StgCreateDocfileOnILockBytes
HDC_UserUnmarshal
EnableHookObject
MonikerCommonPrefixWith
UpdateDCOMSettings
OpenOrCreateStream
CoTaskMemFree
CLIPFORMAT_UserSize
CoRegisterChannelHook
CreateDataCache
DcomChannelSetHResult
OleCreateFromDataEx
CoGetInterceptorFromTypeInfo
CoInitializeEx
CoFreeAllLibraries
CLIPFORMAT_UserMarshal
IsEqualGUID
HMENU_UserSize
DllDebugObjectRPCHook
IsValidPtrOut
UtConvertDvtd16toDvtd32
StgOpenStorageEx
ComPs_NdrDllUnregisterProxy
HBITMAP_UserMarshal
CoCreateGuid
CreateFileMoniker
CoGetContextToken
CoGetInstanceFromIStorage
CoSwitchCallContext
RegisterDragDrop
CoGetObject
HGLOBAL_UserUnmarshal
HBITMAP_UserUnmarshal
StgGetIFillLockBytesOnILockBytes
OleMetafilePictFromIconAndLabel
OleDuplicateData
netapi32
NetDfsSetInfo
NetReplImportDirLock
NetUserModalsSet
NetMessageBufferSend
DsRoleCancel
NetGroupEnum
I_NetServerPasswordSet
NetServerComputerNameDel
NetUseDel
NetUseEnum
I_BrowserDebugTrace
NetServerComputerNameAdd
NetStatisticsGet
I_BrowserQueryEmulatedDomains
DsGetDcNextW
NetpSetFileSecurity
RxNetServerEnum
NetpGetConfigDword
NetReplExportDirUnlock
NetUseGetInfo
NetReplSetInfo
NetLocalGroupSetInfo
I_NetDatabaseSync
I_NetGetDCList
NetpwNameCompare
NetConfigGetAll
NetLogonSetServiceBits
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 277KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 541KB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ