Static task
static1
Behavioral task
behavioral1
Sample
a611094dec2d4e72f147e3b4354128b5_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a611094dec2d4e72f147e3b4354128b5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
a611094dec2d4e72f147e3b4354128b5_JaffaCakes118
-
Size
3KB
-
MD5
a611094dec2d4e72f147e3b4354128b5
-
SHA1
3f9e270558163ee011cdd286e38ae3ff310c3138
-
SHA256
85172420f7afb345e07e0d39dc076e43d27bd7be95d2d9a4c4757a1321d7ea85
-
SHA512
81743886cc71fbf0b79ebd4e6ee03ed03b2399f265aa555b484c0238c4a6b35a921a2ccac87059d415ba1e6c0d51ae055948729ad870cf29e09d0680019176e3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a611094dec2d4e72f147e3b4354128b5_JaffaCakes118
Files
-
a611094dec2d4e72f147e3b4354128b5_JaffaCakes118.exe windows:4 windows x86 arch:x86
55d7c2d261d29a9b903ca5248df91242
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
kernel32
CloseHandle
CreateToolhelp32Snapshot
DuplicateHandle
GetCurrentProcess
GetModuleHandleA
GetProcAddress
OpenProcess
Process32First
Process32Next
TerminateProcess
VirtualAlloc
VirtualFree
lstrcmpiA
lstrlenW
user32
CharUpperW
Sections
.text Size: 1024B - Virtual size: 946B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 610B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 437B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE