Static task: static1
Behavioral task: behavioral1
Sample: b8f59038b82fb6378cb14f5e063b2ea0_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: b8f59038b82fb6378cb14f5e063b2ea0_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b8f59038b82fb6378cb14f5e063b2ea0_JaffaCakes118
Size: 206KB
MD5: b8f59038b82fb6378cb14f5e063b2ea0
SHA1: a01c9bfa29c0482002165449ac33149544c3c788
SHA256: 8ebcf5646b20cb4c3f44de3a6a6f0052562974bc333eb830fcf1fec3bbf94026
SHA512: 28b586aa06d6cb72c4d55df31f852497ef12e89392c3d43b54e85090f87333f5faa24d3ba16b1fe000a32db00afccbe8d3d0f63bd86622a3f90b64c50e608d0d
SSDEEP: 3072:8k/MiYB0Xn55YThX9ro0tq7CRbUzhTD1pz1UYFqUj2RMSlcxl4jZrvKAq:vLX5cR9rot7WKVD1pvFHJPUcAq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b8f59038b82fb6378cb14f5e063b2ea0_JaffaCakes118
Files
b8f59038b82fb6378cb14f5e063b2ea0_JaffaCakes118.exe windows:4 windows x86 arch:x86
674ce3f13776c40dd45079361d7e3c81
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyW
RegSetValueW
kernel32
GetShortPathNameA
CreateFileW
GlobalFree
GetFileInformationByHandle
GetProcAddress
CloseHandle
EnumResourceTypesW
GetModuleHandleW
GetCurrentThreadId
ExitProcess
UnhandledExceptionFilter
GetCurrentProcessId
LoadLibraryW
GetLastError
GetVersionExW
user32
SetCursor
GetWindowPlacement
PostMessageW
SetRectEmpty
InvalidateRect
AdjustWindowRectEx
GetClientRect
FillRect
msvfw32
ICClose
ICSendMessage
ICOpen
ICDecompress
Sections
.text Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 1024B - Virtual size: 340KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ