Static task: static1
Behavioral task: behavioral1
Sample: cf8861ae0c0525d345a72ac43a767548_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: cf8861ae0c0525d345a72ac43a767548_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: cf8861ae0c0525d345a72ac43a767548_JaffaCakes118
Size: 15KB
MD5: cf8861ae0c0525d345a72ac43a767548
SHA1: 108c3eb82a6565454f1eede1d8011a6995e36119
SHA256: 96476145915562ec0e31f11dc9519f4f14cc4c516dee8bfa1e679bb481650eef
SHA512: d3176a7ea36d815ea72998eecf6545357967fae1998eb5ff5cd084d4518eb03faf58eb26885d10102c4b8a2f559e134cb08a9e809f80cd91975cc6f3144301e7
SSDEEP: 384:lKV+qXaV/EANILsAgneU8NNz9vdNWIjrWpP:+GpNIIb8NNz9VvW
Malware Config
Signatures
Files
cf8861ae0c0525d345a72ac43a767548_JaffaCakes118.dll windows:4 windows x86 arch:x86
0e75d060369525895ae7a3a8219856a1
Code Sign
36:0a:0e:da:c2:4d:e5:42:bd:da:43:f9:ef:59:0e:2a
Certificate
Issuer: CN=Root Agency
Not Before: 27/09/2010, 10:05
Not After: 31/12/2039, 23:59
Subject: CN=CeleSign,OU=WWW.CeleWare.NET,O=CeleWare.NET,1.2.840.113549.1.9.1=#0c1443656c655369676e40686f746d61696c2e636f6d
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateEventA
GetLastError
GetSystemDirectoryA
lstrcatA
LoadLibraryA
VirtualAlloc
GlobalAlloc
CloseHandle
CreateThread
GetModuleFileNameA
lstrcmpiA
msvcrt
memcpy
strrchr
Exports
wdmAudio
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 82B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ