Static task: static1
Behavioral task: behavioral1 (Sample: da0b22a98ec12b15dc441c9b90681353_JaffaCakes118.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: da0b22a98ec12b15dc441c9b90681353_JaffaCakes118.exe, Resource: win10v2004-20240802-en)
General
Target: da0b22a98ec12b15dc441c9b90681353_JaffaCakes118
Size: 945KB
MD5: da0b22a98ec12b15dc441c9b90681353
SHA1: 7ef603345f09819cd4005afd938a4f95c1762aca
SHA256: c085b5f3b37db3e4f96822a04c8bfc2991a097d18cdd67f6204ff569f5e1981c
SHA512: e119f41887096751da38db1fc9bcca3376be2b1c496bc13a6c1af2fbdfa1a58f8de49a3042f57e0ce633e3a80f565b2e0ac559920d1126c3552310d9237548b0
SSDEEP: 24576:lCJ0J0GGjxj2mVOATOddRc2SfK2kLsipbB:BGjxj2qlOTVakAYb
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: da0b22a98ec12b15dc441c9b90681353_JaffaCakes118
Files
da0b22a98ec12b15dc441c9b90681353_JaffaCakes118.exe windows:5 windows x86 arch:x86
78c43465002ff8083e858464dd71a16d
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: GetThreadLocale, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, FindFirstFileW, GetFileAttributesW, CreateFileW, GetFullPathNameW, GetStartupInfoW, LoadLibraryExW, FormatMessageW, FileTimeToSystemTime, GetSystemInfo, GetSystemTimeAsFileTime, CloseHandle, FindClose, SetFilePointer, ReadFile, ReleaseSemaphore, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, GetLastError, GetCurrentThreadId, GetCurrentProcess, VirtualAlloc, LocalAlloc, GetVersion, GetUserDefaultLCID, GetProcAddress, GetModuleHandleW
comctl32: _TrackMouseEvent, ImageList_Add, ImageList_SetBkColor, ImageList_Draw, ImageList_Replace, ImageList_EndDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Write, ImageList_GetImageInfo, FlatSB_SetScrollProp, ImageList_Create, CreateStatusWindowW
crypt32: CryptEncodeObject, CryptMsgUpdate, CertCloseStore, CertCreateCertificateContext, CertAddCertificateContextToStore, CertAddStoreToCollection, CertControlStore, CertGetEnhancedKeyUsage, CryptHashPublicKeyInfo, CertNameToStrW, CertFreeCertificateChain, CryptStringToBinaryW
wintrust: CryptCATAdminReleaseCatalogContext, WTHelperGetProvCertFromChain, WinVerifyTrust
shlwapi: SHAutoComplete, SHGetValueW, SHDeleteValueW, SHDeleteKeyW, SHDeleteEmptyKeyW, UrlUnescapeW, PathRemoveBackslashW, PathParseIconLocationW, PathIsNetworkPathW, PathIsRootW, PathGetDriveNumberW, PathFindFileNameW, PathFindExtensionW, PathFileExistsW, PathCombineW, PathBuildRootW, SHStrDupW, StrRetToStrW, StrPBrkW, StrChrW
setupapi: CM_Locate_DevNodeW, CM_Get_Parent_Ex, CM_Get_DevNode_Registry_Property_ExW, CM_Get_Device_IDW, SetupDiGetActualSectionToInstallW, SetupDiSetDeviceInstallParamsW, SetupDiGetDeviceInstallParamsW, SetupOpenInfFileW, SetupFindFirstLineW, SetupFindNextLine, SetupGetLineCountW, SetupGetFieldCount, SetupCloseFileQueue, SetupInstallFromInfSectionW, SetupDiCreateDeviceInfoListExW, SetupDiGetDeviceInfoListDetailW, SetupDiOpenDeviceInfoW, SetupDiGetDeviceInterfaceDetailW, SetupDiEnumDriverInfoW, SetupDiGetSelectedDriverW, SetupDiGetDriverInfoDetailW, SetupDiGetClassDevsW, SetupDiCallClassInstaller, SetupDiGetDeviceRegistryPropertyW, SetupDiSetDeviceRegistryPropertyW
msvcrt: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _wcmdln, exit, _XcptFilter, _exit
Sections
.text (Size: 37KB - Virtual size: 36KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 4KB - Virtual size: 3KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 883KB - Virtual size: 7.7MB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc (Size: 20KB - Virtual size: 22KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ