Static task: static1
Behavioral task: behavioral1
  Sample: b91183a3a875de50efb932765e0063a6_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: b91183a3a875de50efb932765e0063a6_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: b91183a3a875de50efb932765e0063a6_JaffaCakes118
Size: 530KB
MD5: b91183a3a875de50efb932765e0063a6
SHA1: edb6b284f82781b126948c5972678ae051879471
SHA256: 06d8117dfe0272d4223490d9d3ab67c7d0e78dce64ab1aea776e09bf13693533
SHA512: a2628eb408d20ab51dce5be5370e612d6e20be46f913106570b96d31876a85fc6e09de886f7d6d085a7aa308c9a03dca5645431adcff0bace7ba3714b8b4a177
SSDEEP: 12288:+bdB736hW4N0GQ7xIJ9F56OtP2XXQewle2tegnQU:odB73FQQ7ImOtPeXSte0QU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b91183a3a875de50efb932765e0063a6_JaffaCakes118
Files
b91183a3a875de50efb932765e0063a6_JaffaCakes118.exe windows:5 windows x86 arch:x86
cc5c86701dee385d0f6fd87fa8b39c68
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathCombineW
SHDeleteKeyA
StrCmpNIA
wnsprintfW
wvnsprintfW
PathRemoveFileSpecW
wvnsprintfA
StrCmpNIW
StrStrW
PathFindFileNameW
wnsprintfA
PathFileExistsW
PathMatchSpecW
advapi32
CryptGetHashParam
RegCloseKey
RegDeleteValueA
CryptReleaseContext
CryptCreateHash
DuplicateTokenEx
RegQueryValueExA
Sections
.vcjeh Size: 39KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.lyf Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.kbgh Size: 5KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ