Static task: static1
Behavioral task: behavioral1
Sample: e00f2f041d4c88d7294da2a3a5c7b85e_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e00f2f041d4c88d7294da2a3a5c7b85e_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: e00f2f041d4c88d7294da2a3a5c7b85e_JaffaCakes118
Size: 361KB
MD5: e00f2f041d4c88d7294da2a3a5c7b85e
SHA1: 7b44584eaf96466cf501c27b2c8bcd50507dafe9
SHA256: 6a1b91e518c454ada77d66005d1f1dff19620939567c04129992d1a1811f0517
SHA512: 1cfef6c178093e0377aeb85e536e344ebd88b9a10ebe688bc2998b78bb9649c1567ab01a717099a2c6f2135b636c7c5f9462d5b5e612be54531dd33e1da6638a
SSDEEP: 6144:ZKlLkXRRcBaIxm15ybiEg+QO8bMebp9pMXt8f9m:ZKlLkXRR+aIxml+Tle1pU
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes:
resource e00f2f041d4c88d7294da2a3a5c7b85e_JaffaCakes118
Files
e00f2f041d4c88d7294da2a3a5c7b85e_JaffaCakes118.exe windows:5 windows x86 arch:x86
8dc32ea8eebafc13702945794d3ea1df
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  CreateFileA
  GetStringTypeW
  GetStringTypeA
  LCMapStringW
  LCMapStringA
  SetStdHandle
  SetFilePointer
  WriteConsoleW
  GetConsoleOutputCP
  WriteConsoleA
  CloseHandle
  GetLocaleInfoA
  HeapSize
  MultiByteToWideChar
  IsValidCodePage
  GetOEMCP
  GetACP
  GetCPInfo
  FlushFileBuffers
  CreateThread
  GetModuleHandleA
  LockResource
  LoadLibraryA
  GetProcAddress
  GetLastError
  GlobalUnlock
  SizeofResource
  Sleep
  LoadLibraryW
  GlobalAlloc
  GetConsoleMode
  GetConsoleCP
  InitializeCriticalSectionAndSpinCount
  GetSystemTimeAsFileTime
  GetCurrentProcessId
  GetTickCount
  QueryPerformanceCounter
  GetEnvironmentStringsW
  WideCharToMultiByte
  FreeEnvironmentStringsW
  GetEnvironmentStrings
  FreeEnvironmentStringsA
  InterlockedDecrement
  GetCurrentThreadId
  SetLastError
  InterlockedIncrement
  TlsFree
  TlsSetValue
  TlsAlloc
  TlsGetValue
  GetFileType
  SetHandleCount
  GetModuleFileNameA
  GetStdHandle
  WriteFile
  ExitProcess
  GetModuleHandleW
  HeapReAlloc
  VirtualAlloc
  EnumTimeFormatsA
  GlobalLock
  LoadLibraryExW
  LoadResource
  FindResourceExW
  FreeResource
  FindResourceA
  DeleteCriticalSection
  VirtualFree
  HeapCreate
  RtlUnwind
  HeapFree
  HeapAlloc
  EnterCriticalSection
  LeaveCriticalSection
  TerminateProcess
  GetCurrentProcess
  UnhandledExceptionFilter
  SetUnhandledExceptionFilter
  IsDebuggerPresent
  GetCommandLineA
  GetStartupInfoA
  RaiseException
user32
  GetWindowRect
  EndDialog
  GetDlgItem
  CreateAcceleratorTableA
  MessageBoxA
  GetWindowTextA
  SetDlgItemInt
  GetDC
  BeginPaint
  SendMessageA
  GetWindowTextLengthA
  GetClientRect
  GetWindowThreadProcessId
  LookupIconIdFromDirectory
  DestroyIcon
  LoadIconA
  GetFocus
  SystemParametersInfoA
  IsDlgButtonChecked
  GetSysColorBrush
  CheckDlgButton
  CreateIconFromResource
  GetDlgItemInt
gdi32
  CreateFontA
  GetDeviceCaps
  GdiSetBatchLimit
  EndDoc
  TextOutA
comdlg32
  CommDlgExtendedError
  GetSaveFileNameA
advapi32
  RegOpenKeyExA
  RegCloseKey
  RegCreateKeyExA
shell32
  SHGetMalloc
  SHCreateDirectoryExA
  SHGetFolderPathA
  SHGetDesktopFolder
ole32
  CoInitialize
  OleGetClipboard
  ReleaseStgMedium
ws2_32
  WSAStartup
  accept
  listen
  WSASocketA
  getsockopt
  closesocket
  __WSAFDIsSet
  socket
  bind
  recv
  WSACleanup
  htons
  WSAGetLastError
  select
mpr
  WNetGetUserW
shlwapi
  PathFileExistsW
  PathAppendA
  PathIsRelativeW
comctl32
  ord17
  ImageList_Create
  ImageList_GetImageCount
  ImageList_GetImageInfo
  ImageList_ReplaceIcon
activeds
  ord9
pdh
  PdhCloseLog
  PdhCloseQuery
Sections
.text Size: 79KB - Virtual size: 78KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 12KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 248KB - Virtual size: 248KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ