Static task: static1
Behavioral task: behavioral1
Sample: a15cae00376cddde1e3e53ea8a3a81d5_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: a15cae00376cddde1e3e53ea8a3a81d5_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a15cae00376cddde1e3e53ea8a3a81d5_JaffaCakes118
Size: 169KB
MD5: a15cae00376cddde1e3e53ea8a3a81d5
SHA1: 2c619df9c9d4e670d21d6456fd54b4090b0ad74c
SHA256: 350c43c04d4ff2526f4ba2be92fdeb8df66d7a0192178053d8fe5bbe7587456b
SHA512: 6c31145aa21af71917f56802b3dc0e19f3de68cede1e2a633abb3073a467f5a1566af40fcd9d65fb294ce1ab15fe5f4babcc0749773835a226a7154399389e00
SSDEEP: 3072:PXQ9PFApf5Eg2YAXK5Ek4KHb9mcLp8iThDxOZrTaXF9DLg4H:6ufGg21WEkXHb9mu8iThVqTaXrDM4H
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a15cae00376cddde1e3e53ea8a3a81d5_JaffaCakes118
Files
a15cae00376cddde1e3e53ea8a3a81d5_JaffaCakes118.exe windows:4 windows x86 arch:x86
198c766487a6387b986604478b6fbc27
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualQuery
GetCurrentProcess
GlobalAddAtomA
GetOEMCP
SetFilePointer
GetSystemInfo
VirtualProtect
HeapAlloc
EnumResourceNamesW
RtlUnwind
FlushFileBuffers
HeapFree
GetVolumeInformationA
ExitProcess
ReadFile
WriteFile
SetEndOfFile
FindAtomW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
comdlg32
ChooseFontA
GetOpenFileNameA
ole32
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StgCreateDocfile
setupapi
CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
Sections
.text Size: 86KB - Virtual size: 486KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ