Static task: static1
Behavioral task: behavioral1
  Sample: a2c8a63a043cfcadbc334066bf597ad0_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: a2c8a63a043cfcadbc334066bf597ad0_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: a2c8a63a043cfcadbc334066bf597ad0_JaffaCakes118
Size: 190KB
MD5: a2c8a63a043cfcadbc334066bf597ad0
SHA1: 92e8a3c518fc6e8905119f9fc12885e642f2ebb1
SHA256: 53e2b6a7f41c6479a40ee20a0048b0e0f851b85c051a38972efb06cf065430e5
SHA512: 4a9a740b46894b33d9a52c9a1c01f6bded62ec316392851c472c2b54aa519b22dbc3631cc4436856ce6184672949f41d201e9596af36eefcfbb4075d658ac0a1
SSDEEP: 3072:aX44GaL3PKqOVV7nxJnoGRBS+ml8HafOafacS6axoUF/OGnt83Jl920vXf:aX48PKpJNY9RzScS6axoUF/OGnt83JlB
Malware Config
Signatures
Files
a2c8a63a043cfcadbc334066bf597ad0_JaffaCakes118.exe  windows:5  windows x64  arch:x64
063cac382da1eae52666043125dab372
Code Sign
Certificate c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
  Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
  Not Before: 10-01-1997 07:00
  Not After: 31-12-2020 07:00
  Subject: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Certificate c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
  Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
  Not Before: 10-01-1997 07:00
  Not After: 31-12-2020 07:00
  Subject: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Certificate 2e:ab:11:dc:50:ff:5c:9d:cb:c0
  Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
  Not Before: 22-08-2007 22:31
  Not After: 25-08-2012 07:00
  Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageCodeSigning
  Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 61:0f:78:4d:00:00:00:00:00:03
  Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Not Before: 23-08-2007 00:23
  Not After: 23-02-2009 00:33
  Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageCodeSigning
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment
Certificate 61:14:2c:a7:00:00:00:00:00:06
  Issuer: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Not Before: 12-06-2007 23:54
  Not After: 13-06-2012 00:04
  Subject: CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment
Certificate 61:14:2c:a7:00:00:00:00:00:06
  Issuer: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Not Before: 12-06-2007 23:54
  Not After: 13-06-2012 00:04
  Subject: CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment
Certificate 6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
  Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
  Not Before: 16-09-2006 01:04
  Not After: 15-09-2019 07:00
  Subject: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Signer 7b:c1:16:c0:86:8f:f7:10:a2:61:ac:9e:13:79:bf:12:22:b0:40:ce
  Actual PE Digest: 7b:c1:16:c0:86:8f:f7:10:a2:61:ac:9e:13:79:bf:12:22:b0:40:ce
  Digest Algorithm: sha1
  PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bscmake.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
kernel32
SetLastError
GetSystemInfo
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetVersion
ExpandEnvironmentStringsW
CloseHandle
MapViewOfFile
CreateFileMappingW
LoadResource
FindResourceExW
UnmapViewOfFile
ReleaseMutex
SetEvent
WaitForSingleObject
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
DuplicateHandle
GetCurrentProcess
CreateMutexW
CreateEventW
LoadLibraryExW
FindClose
FindNextFileW
GetLastError
FindFirstFileW
GetFileAttributesW
GetUserDefaultUILanguage
SetFileTime
SetEndOfFile
GetFileTime
CreateFileW
GetModuleFileNameW
VirtualQuery
SetUnhandledExceptionFilter
SetErrorMode
HeapSetInformation
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
GetFileType
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
Sleep
RtlCaptureContext
msvcr90
fgetwc
ftell
_wutime64
exit
_wunlink
swprintf_s
memcpy_s
_wpgmptr
wcsncpy_s
swscanf_s
_itow_s
wcsncat_s
_wmakepath_s
_wsplitpath_s
_wcserror_s
fseek
_errno
_wsopen_s
_wfsopen
_read
_wgetcwd
memmove
setlocale
wcschr
wcsrchr
towlower
iswlower
iswupper
iswalpha
_wfindfirst64i32
_wfindnext64i32
_findclose
towupper
wcscspn
free
strcpy_s
calloc
realloc
_get_osfhandle
_fileno
__iob_func
fflush
vfwprintf
_vcwprintf
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
__crt_debugger_hook
_wcsicmp
memcpy
signal
_snwprintf_s
wcscat_s
_wstat64i32
wcscpy_s
memset
_close
mspdb80
?open@NameMap@@SAHPEAUPDB@@HPEAPEAU1@@Z
?Open2W@PDB@@SAHPEBGPEBDPEAJPEAG_KPEAPEAU1@@Z
Sections
.text Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[section name unreadable in extraction] Size: 512B - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ