Static task: static1
Behavioral task: behavioral1
Sample: d5326c3c2d255df22f47216f78034ebc_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d5326c3c2d255df22f47216f78034ebc_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d5326c3c2d255df22f47216f78034ebc_JaffaCakes118
Size: 2.3MB
MD5: d5326c3c2d255df22f47216f78034ebc
SHA1: 2b36b5b72f6d7f1bf5c43fe21a09bdaeedf399c8
SHA256: 46b24c67f14de4ea0638652ea9da65753cc5357034d6797c6ea79184b5e513aa
SHA512: 642010c3b5cacd3e448b77b5e390cd665a05dfbc8cfb5455ca879a035936ee8984da3ba7383e0aa2cdd42bc6baa37a34069aa31133c64314ec70be937a38a867
SSDEEP: 24576:atBh6e/W2kMOsIa7mNnewFS0dx5h64BkFqDvSbwbzsPX7gPSz1/:O/Rk7a7mNewFSM9kFA6EnC1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d5326c3c2d255df22f47216f78034ebc_JaffaCakes118
Files
d5326c3c2d255df22f47216f78034ebc_JaffaCakes118.exe windows:6 windows x86 arch:x86
48f0912717d05d045441fd64dffb1725
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsAlloc
GetLastError
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
SetLastError
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteConsoleW
CreateFileW
HeapSize
ReadConsoleW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
WideCharToMultiByte
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
TryEnterCriticalSection
EncodePointer
DecodePointer
RaiseException
MultiByteToWideChar
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
FormatMessageA
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
user32
GetWindowModuleFileNameW
shell32
ord167
Shell_GetCachedImageIndexW
ord98
DragFinish
DoEnvironmentSubstW
ord90
ole32
OleInitialize
ws2_32
WSACleanup
closesocket
WSASetLastError
ioctlsocket
WSARecvFrom
WSASend
WSASendTo
WSASocketW
setsockopt
WSAGetLastError
getaddrinfo
freeaddrinfo
WSAStartup
Sections
.text Size: 256KB - Virtual size: 256KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bxc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vxc Size: 786KB - Virtual size: 786KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ