Static task
static1
Behavioral task
behavioral1
Sample
ac36dc89eee1c6f8a7459e58bc4ec45f_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ac36dc89eee1c6f8a7459e58bc4ec45f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: ac36dc89eee1c6f8a7459e58bc4ec45f_JaffaCakes118
Size: 300KB
MD5: ac36dc89eee1c6f8a7459e58bc4ec45f
SHA1: ae905d328d7027991aa1e6bef82be7a80994ed87
SHA256: 1e6b93b68d4ef9fc29356c4b3964dbbcacdbba7897024d2b9f32dead8a81abca
SHA512: 4057a0fcae43fb1dedb27ca02989c86138d54bd6bde0aa1ee914dbbaaee8e5ab79aad2500e73a96aca6e477c93322665f410d6624a7396ad5c0f07fae16a2d0f
SSDEEP: 3072:2D7BQhLB9V2Nrn7eMA5E+PzArXMW5q4KR4Us5:ErKcrXMZXRRs5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ac36dc89eee1c6f8a7459e58bc4ec45f_JaffaCakes118
Files
ac36dc89eee1c6f8a7459e58bc4ec45f_JaffaCakes118.exe windows:5 windows x86 arch:x86
4b5c365ea16b8dce3f248aaba498858b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedDecrement
GetComputerNameA
GetVolumeInformationA
GetTickCount
GetCurrentProcessId
GetModuleHandleA
CreateMutexA
ExitProcess
Sleep
GetStdHandle
SetHandleCount
VirtualAlloc
InterlockedIncrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
FlushFileBuffers
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapFree
GetPrivateProfileStringA
lstrcmpA
GetLastError
MoveFileExA
RemoveDirectoryA
DeleteFileA
GetCurrentProcess
CreateProcessA
WriteFile
HeapAlloc
GetProcessHeap
GetTempPathA
LoadLibraryA
ReadFile
GetFileSize
CreateFileA
FreeLibrary
GetModuleFileNameA
GetProcAddress
CloseHandle
lstrlenA
SetEndOfFile
DeleteCriticalSection
SetFilePointer
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
VirtualFree
HeapCreate
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetFileType
MultiByteToWideChar
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCommandLineA
GetStartupInfoA
TerminateProcess
TlsGetValue
user32
UpdateWindow
ExitWindowsEx
MessageBoxA
FindWindowA
DefWindowProcA
InvalidateRect
GetWindowRect
GetSysColor
EndPaint
GetDlgItem
SetWindowTextA
SendMessageA
BeginPaint
LoadBitmapA
PostQuitMessage
DestroyWindow
IsDialogMessageA
FillRect
ShowWindow
SetWindowPos
AdjustWindowRectEx
GetWindowLongA
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
SetForegroundWindow
SetFocus
TranslateMessage
DispatchMessageA
GetMessageA
gdi32
TextOutA
GetTextExtentPoint32A
SetBkMode
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
GetObjectA
CreateFontA
GetStockObject
CreateSolidBrush
advapi32
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
shell32
SHFileOperationA
ShellExecuteA
SHGetFolderPathA
oleaut32
VariantClear
shlwapi
SHDeleteKeyA
PathFileExistsA
StrStrIA
StrNCatA
wnsprintfA
Sections
.text Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 192KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ