Static task: static1
Behavioral task: behavioral1
Sample: dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118
Size: 80KB
MD5: dea87eabc78255f6e20cce1dc6014ca9
SHA1: eabe7a45ea9041fe9cf67eb3deb32cf675ac5c14
SHA256: 8bc6a863e6776a888665ba4c2478aa12a3314d0f7f5d246fd8888ac42a65e041
SHA512: 8b6218bcb2363c1dbda98545fd7cc6f1083331511f6940beb6598fc8e4bda1acaf55a958298eb97c32d9a4091313920c26c573a59e777d96afbcb9fb43f844ac
SSDEEP: 1536:xw46dDI5yXhs1OvpUjUKb2BJbYGVFFW1Yeuj3gzbcposA:GNDAymkvpUjUKbKJbYGVFU1YfRT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118
Files
dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118.exe windows:4 windows x86 arch:x86
2e6b704453f4a7dd5fd5ad1044472b6f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
GetSubMenu
UnhookWindowsHookEx
EnumWindows
FrameRect
SetWindowPos
SetWindowTextA
EnableMenuItem
GetMessageA
PostQuitMessage
EqualRect
GetSysColor
GetSysColorBrush
GetScrollPos
kernel32
GetOEMCP
GetFileAttributesA
ExitProcess
GetTickCount
GetTimeZoneInformation
GetStartupInfoA
InterlockedExchange
SetUnhandledExceptionFilter
GetACP
GetCurrentProcessId
GetTempPathA
VirtualAllocEx
FileTimeToSystemTime
RtlUnwind
GetThreadLocale
QueryPerformanceCounter
gdi32
GetMapMode
DPtoLP
CreateICW
CreateCompatibleBitmap
CopyEnhMetaFileA
FillRgn
SetViewportExtEx
SelectClipPath
ExcludeClipRect
ole32
CoInitializeSecurity
CoRevokeClassObject
StringFromGUID2
OleRun
CoCreateInstance
StgOpenStorage
CoTaskMemRealloc
CoInitialize
DoDragDrop
advapi32
GetUserNameA
RegCreateKeyA
CryptHashData
QueryServiceStatus
FreeSid
AdjustTokenPrivileges
RegCreateKeyExW
CheckTokenMembership
GetSecurityDescriptorDacl
RegQueryValueExW
msvcrt
fflush
strlen
__getmainargs
_strdup
strncpy
puts
_CIpow
__setusermatherr
signal
__initenv
fprintf
strcspn
_fdopen
_lock
_flsbuf
iswspace
_mbscmp
raise
comctl32
ImageList_DragEnter
ImageList_ReplaceIcon
InitCommonControls
ImageList_Destroy
CreatePropertySheetPageA
ImageList_SetIconSize
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_Write
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetBkColor
ImageList_GetIcon
shell32
ShellExecuteEx
DoEnvironmentSubstW
SHBrowseForFolderA
SHGetPathFromIDList
DragQueryFileA
DragQueryFileW
CommandLineToArgvW
ExtractIconW
DragAcceptFiles
ExtractIconExW
ShellExecuteW
oleaut32
VariantCopy
SysReAllocStringLen
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayRedim
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE