C:\Documents and Settings\Admin\Desktop\Data Newuploader\Release\Newuploader.pdb
Static task
static1
Behavioral task
behavioral1
Sample
886e85999d2eedf7e8bba5fc3d2cb5ba_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
886e85999d2eedf7e8bba5fc3d2cb5ba_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
886e85999d2eedf7e8bba5fc3d2cb5ba_JaffaCakes118
-
Size
1.6MB
-
MD5
886e85999d2eedf7e8bba5fc3d2cb5ba
-
SHA1
0f189016909a47541927d35de09a6f8addc413c5
-
SHA256
0adaf03a3d9ef00bb6996c2c3642cdf88ac26221ad4d13b650715affc0ebadb9
-
SHA512
4604a78578a6f26ae17d7b6b47b3906b4affc3ffea643f1ff5027681329ae63e55bd2f8a020021ee0fa7499b52a841e0052c9ce9b973798ad9c21f72e14f37fa
-
SSDEEP
24576:JFVnkjWbvaHbrAyiWnB5hH7WAqnb9GcqXKAtal0mR7eC6Z+BqPb+u/:fVkjav4gyiWn5H7W9pGxta1T6ZKY
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks whether the PE lacks an Authenticode signature.
resource 886e85999d2eedf7e8bba5fc3d2cb5ba_JaffaCakes118
Files
-
886e85999d2eedf7e8bba5fc3d2cb5ba_JaffaCakes118.exe windows:5 windows x86 arch:x86
7904393652294b77a69e95fa6d78bafd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
LoadLibraryA
GetProcAddress
CreateFileW
GetVersionExA
WriteFile
GetFileTime
GetComputerNameA
GetACP
GetTempPathA
FormatMessageA
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
GetTimeZoneInformation
GetOEMCP
SetFileAttributesW
SetFilePointer
GetFileAttributesW
DeleteFileW
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameA
GetFullPathNameW
LocalFree
GetFileSize
GetLogicalDrives
CreateThread
CloseHandle
GetTickCount
GetCurrentDirectoryA
SetFileAttributesA
CreateDirectoryA
GetModuleHandleA
GetModuleFileNameA
FindClose
GetLastError
DeleteFileA
CopyFileA
Sleep
FindNextFileA
FindFirstFileA
GetComputerNameExA
ReadFile
CreateFileA
GetLogicalDriveStringsA
IsDebuggerPresent
user32
CreateWindowExA
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
RegisterClassExA
PostQuitMessage
EndDialog
GetMessageA
LoadAcceleratorsA
LoadStringA
DispatchMessageA
TranslateMessage
EndPaint
TranslateAcceleratorA
advapi32
RegCreateKeyExA
RegOpenKeyExA
CryptAcquireContextA
GetUserNameA
RegCloseKey
CryptReleaseContext
CryptGenRandom
RegQueryValueExA
CryptGetProvParam
CryptEnumProvidersA
RegSetValueExA
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
msvcr90
_localtime64
_time64
__timezone
_mktime64
memmove
srand
isalnum
towlower
towupper
fseek
_telli64
ferror
fread
_filelengthi64
_atoi64
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
strcat
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_wcsicmp
memcpy
strncpy
strchr
strrchr
sscanf
_stricmp
strlen
__CxxFrameHandler3
printf
fgets
fclose
fwrite
fopen
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
toupper
tolower
_strnicmp
strcmp
strcpy
strncmp
rand
memcmp
memset
?terminate@@YAXXZ
strstr
_fileno
ws2_32
inet_ntoa
ntohs
htons
inet_addr
getsockname
WSAGetLastError
setsockopt
WSAStartup
gethostbyname
connect
ioctlsocket
select
__WSAFDIsSet
bind
closesocket
shutdown
send
recv
socket
crypt32
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptDecodeObject
CertGetCertificateChain
CertCreateCertificateChainEngine
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertSetCertificateContextProperty
CertFreeCertificateContext
CertNameToStrA
CryptEncodeObject
CryptDecodeMessage
CryptDecryptMessage
CryptEncryptMessage
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
Sections
.text Size: 900KB - Virtual size: 899KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 571KB - Virtual size: 570KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 50KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ