Static task
static1
Behavioral task
behavioral1
Sample
b406b59f0a246994e752cce8bfaa2333_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b406b59f0a246994e752cce8bfaa2333_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b406b59f0a246994e752cce8bfaa2333_JaffaCakes118
-
Size
176KB
-
MD5
b406b59f0a246994e752cce8bfaa2333
-
SHA1
629d2bf0c0a477b104acbc65f11d9e655e0b3b52
-
SHA256
ee98d8ba5dc3ec510bce232891eb84f251d1f2118efa26e69893f561d9aeb410
-
SHA512
2b1244f8201b40106a4ee476185b5bdd7a1d27b172374ef5b31c045f42d28f0bd90da7a713c92b8570282bf83c2335117de2794375809197ae50cc895e86d76e
-
SSDEEP
3072:JdSWXlxtyQ8VBBtWCvsPpXlXf2Idq5RDgPGum6Dz4/nA9+eNcCttRHszfU+/0:+WTtC8C2zf2IdIRD4Zm6Dz4/nABaB/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
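Checks for a missing Authenticode signature: the PE file listed below is unsigned, so its publisher and integrity cannot be verified through Authenticode.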
resource b406b59f0a246994e752cce8bfaa2333_JaffaCakes118
Files
-
b406b59f0a246994e752cce8bfaa2333_JaffaCakes118.exe windows:4 windows x86 arch:x86
b0a0626f6b68e7d53b61777fb759c354
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
LockResource
lstrcmpiW
lstrcpynW
GetLastError
CheckRemoteDebuggerPresent
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GetCPInfo
EnumResourceTypesW
lstrcpyW
GetTickCount
lstrlenW
FindClose
InitializeCriticalSection
GetACP
OutputDebugStringW
DeleteCriticalSection
lstrcpyA
GetModuleHandleW
winspool.drv
DocumentPropertiesW
user32
SetTimer
wsprintfW
CharUpperW
PostThreadMessageW
CharNextW
DispatchMessageW
GetMessageW
GetAncestor
GetDC
TranslateMessage
KillTimer
UnregisterClassA
Sections
.text Size: 115KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 980B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.isete Size: 1024B - Virtual size: 116KB (non-standard section name; the virtual size is far larger than the raw size on disk)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ