Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Static task
static1
Behavioral task
behavioral1
Sample
eab12e9b47e5b96f824c536deb8451a8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eab12e9b47e5b96f824c536deb8451a8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
eab12e9b47e5b96f824c536deb8451a8_JaffaCakes118
-
Size
128KB
-
MD5
eab12e9b47e5b96f824c536deb8451a8
-
SHA1
b3689604e8a63dcca030ed997f6634daede3c86c
-
SHA256
8eb764dcf1519033f97bcf46469a91e1b6f360271fe75dfd9853a6a6ef82950d
-
SHA512
ff8dba0bef9743a1408964fc9d2d9f68dc0c88dd9d111fa5962caf5d8e744c8f994d39458c58649e8967646ddf438a52be8276f3bfc6e0c2f4cbe62a20e0ecfa
-
SSDEEP
3072:UwNReKym4jXbAfA4OD6ZcZy3+BNUrRk139rNzlZiOO:9wbp6ZENl1NjZi
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eab12e9b47e5b96f824c536deb8451a8_JaffaCakes118
Files
-
eab12e9b47e5b96f824c536deb8451a8_JaffaCakes118.exe windows:4 windows x86 arch:x86
665b23e14656be39efb9871ecddc1dda
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord696
MethCallEngine
ord516
ord628
ord665
ord593
ord598
ord631
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ProcCallEngine
ord644
ord537
ord681
ord100
ord581
Sections
.text Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ