Static task: static1
Behavioral task: behavioral1
Sample: 9521e0cedb3c7c9466cca302ef145025_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 9521e0cedb3c7c9466cca302ef145025_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 9521e0cedb3c7c9466cca302ef145025_JaffaCakes118
Size: 148KB
MD5: 9521e0cedb3c7c9466cca302ef145025
SHA1: 7a795ced1f8ad11ec10e550d3321c848890d95f8
SHA256: c9dccf2f97f3ee95c70237073c0b1bbc16f30dc624b0e48c5db8b58075b16d81
SHA512: c9ad63fd71bed6afb39c550499c280b84282c9e3c7221c7ac481d61ba164f4ab1bb668361be0668a8938d7213df7bc19dcf8d929ce6a1368d067003221cb4871
SSDEEP: 3072:wenQycBLycwKOXQFhbfG0buTBft//zmtf:weud7wKOXOpfG0buTBl/Lmt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9521e0cedb3c7c9466cca302ef145025_JaffaCakes118
Files
9521e0cedb3c7c9466cca302ef145025_JaffaCakes118.exe windows:4 windows x86 arch:x86
acc5dc8550ee2e3e07f9b0864a018696
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
LocalReAlloc
LocalAlloc
GetFileSize
ReadFile
SetFilePointer
MoveFileA
CreateProcessA
InitializeCriticalSection
lstrcatA
lstrcmpiA
WriteFile
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
TerminateProcess
OpenProcess
GetCurrentThreadId
GetSystemInfo
GetComputerNameA
GetVersionExA
OpenEventA
SetErrorMode
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetProcAddress
GetCurrentProcessId
GetModuleHandleA
GetLocalTime
GetTickCount
CancelIo
InterlockedExchange
GetLastError
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
Sleep
CloseHandle
FreeLibrary
SetEvent
WaitForSingleObject
LoadLibraryA
CreateFileA
user32
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetCursorInfo
DestroyCursor
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SendMessageA
LoadCursorA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
TranslateMessage
GetMessageA
CharNextA
wsprintfA
GetWindowTextA
MessageBoxA
IsWindow
advapi32
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
CloseServiceHandle
DeleteService
OpenSCManagerA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA
RegRestoreKeyA
RegSaveKeyA
RegOpenKeyA
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
msvcrt
_errno
strchr
atoi
strrchr
strcmp
_except_handler3
malloc
free
sprintf
strcat
strcpy
rand
memcmp
strstr
strlen
_ftol
??0exception@@QAE@ABQBD@Z
ceil
_beginthreadex
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strnset
_strrev
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_strnicmp
memset
??2@YAPAXI@Z
putchar
??3@YAXPAX@Z
memcpy
puts
__CxxFrameHandler
_CxxThrowException
memmove
ws2_32
recv
select
closesocket
send
inet_addr
connect
sendto
WSASocketA
htonl
inet_ntoa
getsockname
bind
recvfrom
__WSAFDIsSet
gethostbyname
htons
setsockopt
WSAIoctl
WSACleanup
WSAStartup
socket
Sections
.text Size: 108KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ