Static task
static1
Behavioral task
behavioral1
Sample
bc7a33730a803776f85f19ce30442e0c_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
bc7a33730a803776f85f19ce30442e0c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
bc7a33730a803776f85f19ce30442e0c_JaffaCakes118
Size
161KB
MD5
bc7a33730a803776f85f19ce30442e0c
SHA1
b11a301586b45f3b748776cd93033bc553a110ac
SHA256
6318f9d1bc496bf25fe2aadf63de10ad063dbd328452e7ee595b75cfce9f395f
SHA512
ea0db4c39a01866a6c72c5764cc62b4cb725fa3902909bd1ea40dc893a521040e8568948883e3d0d329d98f04166ce0b8254a79413188e88969fdbcb4224b2f9
SSDEEP
3072:RAM1imw5GMCBQIHCKOWQ/wx3pQwHk+FQG4zobydx7nNBz+vfE1ST5oeGRV4l:H17ws5HC6Q/wx3dHt4zobydx7nT+vfcP
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource bc7a33730a803776f85f19ce30442e0c_JaffaCakes118
Files
bc7a33730a803776f85f19ce30442e0c_JaffaCakes118.exe windows:4 windows x86 arch:x86
a7372703c59e80fe1f8d635b8c5372fb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetACP
EnterCriticalSection
GetSystemTimeAsFileTime
HeapFree
VirtualFree
LCMapStringW
TerminateProcess
ReadFile
CompareStringW
VirtualAlloc
SetUnhandledExceptionFilter
FreeLibrary
SetEndOfFile
MultiByteToWideChar
CompareStringA
LoadLibraryA
SetStdHandle
LCMapStringA
IsValidCodePage
GetDateFormatA
GetTickCount
HeapCreate
EnumResourceTypesA
SetEnvironmentVariableA
SetFilePointer
HeapDestroy
WriteConsoleA
GetCurrentProcess
GetStringTypeW
GetOEMCP
CompareFileTime
HeapSize
GetTimeZoneInformation
LeaveCriticalSection
WriteFile
GetLocaleInfoA
RaiseException
GetConsoleOutputCP
QueryPerformanceCounter
HeapReAlloc
RtlUnwind
UnhandledExceptionFilter
GetTimeFormatA
InitializeCriticalSection
IsDebuggerPresent
GetCurrentProcessId
GetCPInfo
GetStringTypeA
iphlpapi
GetIpAddrTable
advapi32
SetNamedSecurityInfoW
SetSecurityInfo
QueryServiceStatus
QueryServiceLockStatusW
RegSetValueExW
LookupPrivilegeValueA
LockServiceDatabase
InitializeAcl
GetAce
AllocateAndInitializeSid
AdjustTokenPrivileges
ChangeServiceConfig2W
OpenServiceW
GetSecurityInfo
IsValidSecurityDescriptor
FreeSid
LookupAccountSidW
StartServiceA
RegQueryValueExW
AddAce
RegGetKeySecurity
RegCreateKeyExW
UnlockServiceDatabase
EnumDependentServicesW
LookupPrivilegeDisplayNameA
GetSecurityDescriptorControl
RegEnumKeyExW
RegDeleteValueW
GetTokenInformation
GetNamedSecurityInfoW
OpenProcessToken
RegOpenKeyExW
FreeInheritedFromArray
ChangeServiceConfigW
SetEntriesInAclA
EqualSid
RegDeleteKeyW
LookupPrivilegeNameA
CreateServiceW
DeleteService
GetAclInformation
IsValidAcl
CloseServiceHandle
ControlService
RegCloseKey
RegRestoreKeyW
OpenSCManagerW
GetInheritanceSourceW
SetSecurityDescriptorDacl
RegSaveKeyW
SetEntriesInAclW
QueryServiceConfigW
InitializeSecurityDescriptor
RegEnumValueW
oleacc
LresultFromObject
AccessibleObjectFromPoint
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ