Static task
static1
Behavioral task
behavioral1
Sample
9681578fc727e5ecdd617a6eed7302b0_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
9681578fc727e5ecdd617a6eed7302b0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
9681578fc727e5ecdd617a6eed7302b0_JaffaCakes118
Size
352KB
MD5
9681578fc727e5ecdd617a6eed7302b0
SHA1
bc514024cc2f48e4016435aebf5fd156d6d0d37f
SHA256
5c795d075675e69e0e14ad36c24aa9b5282695eddf603182b3b94d5989d0a2ff
SHA512
0092071c85e25bac0e30af8be013c2d79bd9c548bfe29b28c09302055a2dc20f38030868516da7dee9332e85233b6054f929b968b853e10b95e39aa51f7c89aa
SSDEEP
6144:v3QRLwM/CPNsPr39hSw15qQvNdjzSVl1wmO9pEWoTso2lJXBLRIB4Rut4ApuRvB3:/8wM/CqxhTqQvNdj8WYpuRVxiJ7fGfSU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9681578fc727e5ecdd617a6eed7302b0_JaffaCakes118
Files
9681578fc727e5ecdd617a6eed7302b0_JaffaCakes118.exe windows:4 windows x86 arch:x86
327dd88fa405974318c2d9272471b1ba
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptAcquireContextW
RegQueryInfoKeyA
CreateServiceA
CryptDuplicateKey
RegSetValueExA
RegOpenKeyExA
CryptHashData
CryptGenRandom
LookupAccountSidA
RegCloseKey
RegOpenKeyA
RegCreateKeyExW
RegSaveKeyA
gdi32
SetDIBits
GetCharABCWidthsFloatA
SetMapperFlags
CreateEnhMetaFileW
GdiGetBatchLimit
PolyPolygon
ExcludeClipRect
user32
GetWindowThreadProcessId
TranslateMDISysAccel
SetDlgItemInt
ChangeMenuA
GetScrollPos
GetKeyboardState
RegisterClassExA
KillTimer
RegisterClassA
SetWindowPlacement
DdeQueryStringA
GetClassWord
GetUserObjectInformationW
AttachThreadInput
ChildWindowFromPointEx
IsZoomed
DrawTextW
ToAscii
MonitorFromPoint
DrawFocusRect
DefWindowProcW
GetNextDlgTabItem
GetMenuItemRect
GetClientRect
SetDoubleClickTime
kernel32
VirtualAlloc
GetStringTypeExA
GetCurrentThread
TerminateProcess
ReadConsoleOutputW
SetHandleCount
SetThreadIdealProcessor
VirtualProtect
IsValidLocale
DeleteCriticalSection
GetEnvironmentStrings
GetStringTypeW
CloseHandle
GetDiskFreeSpaceExA
CompareStringA
ExitThread
LCMapStringW
HeapDestroy
VirtualFree
SetFilePointer
GetCPInfo
IsValidCodePage
GetProfileSectionW
GetCurrentThreadId
WritePrivateProfileSectionA
GetModuleHandleA
RtlUnwind
CreateMutexA
FlushFileBuffers
GetSystemInfo
GetLocaleInfoA
ExitProcess
OpenEventA
SetConsoleCursorPosition
GetStartupInfoA
InterlockedExchangeAdd
GetCommandLineA
LCMapStringA
GetLocaleInfoW
FreeEnvironmentStringsW
HeapSize
WideCharToMultiByte
FreeEnvironmentStringsA
HeapCreate
CreatePipe
InterlockedExchange
GetModuleFileNameA
IsBadWritePtr
GetVersionExA
MultiByteToWideChar
HeapAlloc
EnumDateFormatsExA
LocalHandle
QueryPerformanceCounter
GetCurrentProcess
FreeResource
GetSystemTimeAsFileTime
VirtualQuery
SetEnvironmentVariableA
GetACP
GetProcAddress
GlobalFree
SetLastError
WriteProfileSectionA
GetDateFormatA
SetLocaleInfoA
CompareStringW
GetOEMCP
HeapReAlloc
EnumSystemLocalesA
HeapFree
ReadFile
TlsAlloc
SetLocalTime
WritePrivateProfileStringW
GetEnvironmentStringsW
SetStdHandle
LoadLibraryA
LeaveCriticalSection
OpenMutexA
GetProfileIntA
GetFileType
GetTimeZoneInformation
GetUserDefaultLCID
TlsFree
GetTimeFormatA
WriteFile
GetStdHandle
TlsSetValue
EnumDateFormatsA
GetCurrentProcessId
UnhandledExceptionFilter
GetPrivateProfileStringW
GetLastError
GetTickCount
InitializeCriticalSection
GetStringTypeA
FindFirstFileExW
TlsGetValue
lstrcpynW
EnterCriticalSection
comctl32
InitCommonControlsEx
Sections
.text Size: 185KB - Virtual size: 185KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 146KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ