Static task: static1
Behavioral task: behavioral1
Sample: cecf3d0819a9c167f2b77724ed1e055c_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: cecf3d0819a9c167f2b77724ed1e055c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: cecf3d0819a9c167f2b77724ed1e055c_JaffaCakes118
Size: 143KB
MD5: cecf3d0819a9c167f2b77724ed1e055c
SHA1: b9f44d23dcd46de7261ed740ebeabf6e9f1adff4
SHA256: 1ab22853687026a773a39ac745a860ace0b4fc487909e8a63c95ba471d39bfb5
SHA512: c402341c09233bd604e032b017b49d12221e7d0410cdebda2e04a6690463ede7f750a66a5921f4c050605ecccbaf32613673ff2a94523ac39e0adca00278c2b4
SSDEEP: 1536:kFVtEiQGYntRrptf8UKtYqzoINghoxVASEdjQfz6Cq:IRQFrptftKtYqbghoxVudjQLM
Malware Config
Signatures
Files
cecf3d0819a9c167f2b77724ed1e055c_JaffaCakes118.exe windows:4 windows x86 arch:x86
baf90112f5369077568aad2fa695f640
Code Sign
Certificate: 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29/01/1996, 00:00
Not After: 01/08/2028, 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Certificate: 67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4d
Issuer: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Not Before: 27/11/2009, 00:00
Not After: 27/11/2011, 23:59
Subject: CN=YNK JAPAN Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YNK JAPAN Inc,L=\ Nihonbashi Kodenmachou10-6,ST=Chuo-ku,C=JP
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate: 65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 21/05/2009, 00:00
Not After: 20/05/2019, 23:59
Subject: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer: 3c:b1:ae:9c:6c:80:01:b0:74:77:60:7d:e2:83:3b:9e:94:a9:e4:e8
Actual PE Digest: 3c:b1:ae:9c:6c:80:01:b0:74:77:60:7d:e2:83:3b:9e:94:a9:e4:e8
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
free
_except_handler3
srand
wcslen
wcscat
rand
memset
swprintf
_wfopen
fwrite
fclose
kernel32
LoadLibraryW
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetCurrentProcess
TerminateProcess
GetStartupInfoW
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 120KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ