Static task
static1
Behavioral task
behavioral1
Sample
b2981344d9baeb73b9f242c8b3665747_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b2981344d9baeb73b9f242c8b3665747_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
b2981344d9baeb73b9f242c8b3665747_JaffaCakes118
Size
161KB
MD5
b2981344d9baeb73b9f242c8b3665747
SHA1
ed4233e59ee5022837ce415eda4d11d30de9c266
SHA256
14cf37133d7c3ee00983860e065e1ac1a955d28aa5b6d3d3055130ea099f72cf
SHA512
529096f011c0e3e7883f6fc656c96f3364ad33707842b7bb3d1e39bcac42fb2faf536aa08cd8bb600344903f450e11bdc3be745f5d636361535cfbae589e6fa9
SSDEEP
3072:Bj3aKS1Mu7jObKcXSenecDYNV2JG6Vv5ObH3t2ZHWdkYLB9bZNUJnP:Bw7jtbeiNV2syWaCB9bPUJn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b2981344d9baeb73b9f242c8b3665747_JaffaCakes118
Files
b2981344d9baeb73b9f242c8b3665747_JaffaCakes118.exe windows:4 windows x86 arch:x86
3ede490411709d2f3ded53b642215cff
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapSize
LCMapStringW
QueryPerformanceCounter
HeapFree
UnhandledExceptionFilter
TerminateProcess
GetConsoleOutputCP
GetOEMCP
CompareStringW
HeapDestroy
SetEndOfFile
SetEnvironmentVariableA
RaiseException
FreeLibrary
LoadLibraryA
GetStringTypeW
WriteFile
EnterCriticalSection
VirtualAlloc
GetCPInfo
GetDateFormatA
IsDebuggerPresent
SetFilePointer
SetStdHandle
EnumResourceTypesA
GetACP
InitializeCriticalSection
GetLocaleInfoA
VirtualFree
WriteConsoleA
HeapCreate
CreateMailslotW
HeapReAlloc
ReadFile
LeaveCriticalSection
GetTimeFormatA
GetSystemTimeAsFileTime
MultiByteToWideChar
RtlUnwind
LCMapStringA
GetTickCount
GetCurrentProcessId
IsValidCodePage
CompareStringA
GetCurrentProcess
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeA
advapi32
LookupAccountSidW
CreateServiceW
QueryServiceStatus
EnumDependentServicesW
GetSecurityDescriptorControl
RegQueryValueExW
GetAclInformation
RegDeleteKeyW
IsValidSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
LookupPrivilegeDisplayNameA
GetAce
InitializeSecurityDescriptor
GetSecurityInfo
RegSaveKeyW
SetEntriesInAclW
FreeSid
FreeInheritedFromArray
RegGetKeySecurity
IsValidAcl
QueryServiceLockStatusW
EqualSid
LookupPrivilegeValueA
AddAce
GetTokenInformation
UnlockServiceDatabase
RegCloseKey
ChangeServiceConfig2W
AdjustTokenPrivileges
RegEnumKeyExW
AllocateAndInitializeSid
ChangeServiceConfigW
RegCreateKeyExW
SetSecurityInfo
SetNamedSecurityInfoW
CloseServiceHandle
SetEntriesInAclA
LockServiceDatabase
QueryServiceConfigW
RegRestoreKeyW
OpenServiceW
RegOpenKeyExW
DeleteService
GetNamedSecurityInfoW
OpenProcessToken
RegDeleteValueW
LookupPrivilegeNameA
ControlService
StartServiceA
GetInheritanceSourceW
OpenSCManagerW
RegSetValueExW
RegEnumValueW
oleacc
LresultFromObject
AccessibleObjectFromPoint
iphlpapi
GetIpAddrTable
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ