Static task
static1
Behavioral task
behavioral1
Sample
b4625af8eaf58d9291970715e5065641_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b4625af8eaf58d9291970715e5065641_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: b4625af8eaf58d9291970715e5065641_JaffaCakes118
Size: 160KB
MD5: b4625af8eaf58d9291970715e5065641
SHA1: db59b5a61b196f956ad89ee09acfa6f023bba8d3
SHA256: 8dc07459a5829d0a1b2efeccf9c346f0d816c120bc244d298096e86b81b7745b
SHA512: bcaa5013eb77567a7a83cda1b12a18c5d26c6ce2c23c7829f041b9e97443edf50b4d36b6e967fe2c57c6d917c7ac6d2481d314235cc3dd8b3318118aa531b185
SSDEEP: 3072:DHY+Z1lCC42XS/A19sZFTYNNL9cdGabV8024X3DEtdqLe/JQXQEYcTVeaFePODW2:DHYWlCC420GsZNo9obV1bX32Qa/KQEdj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b4625af8eaf58d9291970715e5065641_JaffaCakes118
Files
b4625af8eaf58d9291970715e5065641_JaffaCakes118.exe windows:1 windows x86 arch:x86
6676a9fc3d41a4560eab9dff2eb3540b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
kernel32
FindResourceA
GetLocaleInfoA
GetModuleFileNameA
lstrcpyA
lstrcatW
FindNextFileA
CreateSemaphoreA
GetModuleHandleA
GetTickCount
FindClose
CloseHandle
CreateFileA
Sleep
DeleteFileW
GetCurrentProcess
GetLastError
GetWindowsDirectoryA
GetSystemDefaultLCID
EnterCriticalSection
GetProfileStringW
GetSystemDirectoryW
lstrcatA
lstrcat
WriteFile
ReadFile
FindFirstFileA
InitializeCriticalSection
OpenProcess
GetSystemDirectoryA
GetConsoleCP
GetFileSizeEx
DuplicateHandle
lstrcpyW
WritePrivateProfileStructA
Thread32Next
SetTimeZoneInformation
OpenSemaphoreA
CopyFileA
VirtualUnlock
OpenEventW
QueueUserAPC
OpenSemaphoreW
GetDateFormatA
UnlockFile
GetStringTypeW
CreateJobSet
VirtualAlloc
SetComputerNameA
LeaveCriticalSection
CreateFileW
GetProcAddress
lstrlenA
DeleteFileA
GetPrivateProfileIntA
VirtualFree
advapi32
QueryAllTracesA
RegCloseKey
CloseServiceHandle
SetServiceObjectSecurity
LookupPrivilegeValueA
QueryAllTracesW
ElfOpenEventLogW
OpenProcessToken
RegSetValueExA
AdjustTokenPrivileges
OpenSCManagerA
RegOpenKeyA
EnumServicesStatusA
SaferiIsExecutableFileType
RegQueryValueExA
RegCreateKeyA
ntdll
NtQuerySystemInformation
strstr
isdigit
RtlFreeUnicodeString
memcpy
vsprintf
NtQueryObject
tolower
memset
ZwLoadDriver
isspace
_chkstk
sprintf
strlen
strncmp
RtlInitAnsiString
wcsstr
RtlAnsiStringToUnicodeString
psapi
GetProcessImageFileNameA
EnumProcesses
ws2_32
select
recv
gethostbyname
WSAIsBlocking
socket
WSAStartup
WSANSPIoctl
htonl
WSACancelBlockingCall
htons
connect
closesocket
WSAConnect
__WSAFDIsSet
send
WSALookupServiceNextA
ole32
CoCreateGuid
user32
CharToOemW
CharLowerW
ExitWindowsEx
Sections
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 392B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ