e:\BuildEngineSpace\Temp\6db506e6-386e-4065-9645-1e2ed9386e40\build\Win32\Release\McAfeeSetup.pdb
Static task: static1
Behavioral task: behavioral1
Sample: a628b107032dfa16897985979198f0ad_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a628b107032dfa16897985979198f0ad_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a628b107032dfa16897985979198f0ad_JaffaCakes118
Size: 237KB
MD5: a628b107032dfa16897985979198f0ad
SHA1: d2d97f21aa3e60c87880c4cfeb1f0050a6a8b091
SHA256: 96afaf39ecad321661899c92acc91126126d22d5c99c4f22dde0f72cfa1de18e
SHA512: 222f5667eb732ae6d6655f84510731b8da74cb14c404f56e45dd7ab94d57c4de0dd28108fc04243713122452ac1b952c9b0a946cd2e6a6588a3545d7d270eeb1
SSDEEP: 3072:/+pBWRHO5aXcXs/Tgn3FgL7zq95flVeTRbN7JAjVru5aoquK3pTCTEb+:BRu7XSWmqvEtJA5poquK3pTC
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: a628b107032dfa16897985979198f0ad_JaffaCakes118
Files
a628b107032dfa16897985979198f0ad_JaffaCakes118.exe windows:5 windows x86 arch:x86
a15aae601c10bc7090e63fb3edd97d37
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathFindExtensionA
PathAppendA
StrDupA
wintrust
WinVerifyTrust
kernel32
CreateFileA
GetFileSize
FindFirstFileW
SetFilePointer
lstrlenA
WritePrivateProfileStructA
GetLocaleInfoA
VirtualQuery
FreeLibrary
InterlockedIncrement
MoveFileExW
InterlockedDecrement
CreateDirectoryW
WaitForSingleObject
InterlockedCompareExchange
GetWindowsDirectoryA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
Sleep
GetVersionExW
GetFileAttributesA
GetFileAttributesW
ReadFile
GetACP
MultiByteToWideChar
FindFirstFileA
GetLastError
GetCurrentDirectoryW
GetThreadLocale
GetProcAddress
FindClose
GetPrivateProfileStringA
GetLocalTime
LoadLibraryA
RemoveDirectoryW
GetModuleFileNameA
CreateMutexA
FindNextFileW
DeleteCriticalSection
GetShortPathNameW
GetCurrentThreadId
OutputDebugStringA
ReleaseMutex
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
SetFileAttributesW
FindResourceA
lstrcmpA
lstrcpynA
LoadResource
GetTickCount
SizeofResource
LeaveCriticalSection
GetSystemDirectoryA
CreateDirectoryA
GetLongPathNameA
EnterCriticalSection
LockResource
GetTempPathA
LocalFree
lstrcpyA
IsBadReadPtr
SystemTimeToFileTime
lstrlenW
GetShortPathNameA
GetModuleHandleA
WriteConsoleW
FlushFileBuffers
GetPrivateProfileStructA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
LocalAlloc
InterlockedExchange
RaiseException
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
VirtualFree
HeapReAlloc
ExitProcess
GetStdHandle
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
oleaut32
SysAllocString
SysAllocStringLen
SysFreeString
Sections
.text Size: 123KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ