Static task
static1
Behavioral task
behavioral1
Sample
dcd389a51282fde425ce2213739a7601_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
dcd389a51282fde425ce2213739a7601_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: dcd389a51282fde425ce2213739a7601_JaffaCakes118
Size: 180KB
MD5: dcd389a51282fde425ce2213739a7601
SHA1: f670fece20932bb25f1dee7aa42a8b7b615d04a1
SHA256: 10967134e85f3d77eb587d679a6827081628b796d342216b532f148b392cb462
SHA512: dcc3caaed00d2e552376244d8a79097c481706403a0a0c6724673e3ff0d72ae4bc6d1370f17d968d2d91f23fbfd8555e134e1c859d946203f6714e9e8cfcb0bb
SSDEEP: 3072:6ww2KbvT6XqRbCdpwPUebs6mrrfr0/RcXd/wA5ZfD3XDaUkpS:NUvGXqpZMebrmrro/RctwA5xzG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dcd389a51282fde425ce2213739a7601_JaffaCakes118
Files
dcd389a51282fde425ce2213739a7601_JaffaCakes118.exe windows:4 windows x86 arch:x86
0b6257780feba3aa53af305a043a91d4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReplaceFileW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
SetUnhandledExceptionFilter
GetProcessId
GetStartupInfoW
IsDebuggerPresent
InterlockedCompareExchange
GetSystemTimeAsFileTime
EnumResourceTypesA
InterlockedExchange
ExitProcess
TerminateProcess
UnhandledExceptionFilter
QueryPerformanceCounter
Sleep
GetCurrentProcess
advapi32
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
shell32
ShellExecuteW
user32
EnumDisplaySettingsW
clusapi
CloseCluster
comctl32
InitCommonControlsEx
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ