Static task: static1
Behavioral task: behavioral1
Sample: a970d586c86e005e573feec7289a01ad_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a970d586c86e005e573feec7289a01ad_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a970d586c86e005e573feec7289a01ad_JaffaCakes118
Size: 803KB
MD5: a970d586c86e005e573feec7289a01ad
SHA1: 1d5d119c6a33fd87e3a7341914be13d2b2838fd7
SHA256: 59df9fc2f534761b6414e04bd3f62951c2b83198910746da2142772c82e3bd32
SHA512: e72f52bf5a326e547a2e0fd751489f999eab8beb9037856b58539c631f9d3a54ff2df06012d951475aa4847e712459f2e78b864700efbb9a891b62c6d8dd93bc
SSDEEP: 12288:XEYJ8TGHPpjQiTU1HeYcUxyNwtdK994MJAvhNnTF7OZT2Iy14pP+UjtVfNHCJCL:ETGBjQi2HeLUxHG9DDx2Iy1ovtFQ8L
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a970d586c86e005e573feec7289a01ad_JaffaCakes118
Files
a970d586c86e005e573feec7289a01ad_JaffaCakes118.exe windows:4 windows x86 arch:x86
bcac3fa2e9fb9de64088d544307059fd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalUnlock
LocalFree
GetModuleHandleA
HeapCreate
PulseEvent
GetCurrentDirectoryA
GetCurrentThreadId
FindResourceW
SetLastError
CreateProcessA
lstrcpyA
CloseHandle
UnmapViewOfFile
Sleep
LoadLibraryW
GetComputerNameA
CreateFileW
FindClose
lstrlenA
GetCommandLineA
user32
GetDC
CallWindowProcA
IsWindow
CreateIcon
FillRect
GetDlgItem
DrawEdge
DrawMenuBar
DispatchMessageA
CreateWindowExA
SetFocus
CheckRadioButton
GetCaretPos
cryptui
CryptUIDlgSelectStoreA
WizardFree
CryptUIDlgSelectCA
CryptUIDlgCertMgr
LocalEnroll
appwiz.cpl
ConfigStartMenu
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 793KB - Virtual size: 796KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE