Static task
static1
Behavioral task
behavioral1
Sample
eacd1f588749c12e00f650efde056151_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eacd1f588749c12e00f650efde056151_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: eacd1f588749c12e00f650efde056151_JaffaCakes118
Size: 119KB
MD5: eacd1f588749c12e00f650efde056151
SHA1: 0f8ae9588132f337e1aba7f7b69a0faa39adc0d5
SHA256: 78a0bed30f98dd402087b605defcbe75b09ff7e346daef392461b829a29acf25
SHA512: b190e4ce1cf3f229dc6d3d59e2e1098ebc4b6285b015af4419cc0fb242410e33cbe95ebfe77a894fd6cdc95114b6f55a10075fc628a6e3ec8ad66d8e5e558930
SSDEEP: 3072:pVzjzrYQkED9OyNCevNR0sSq3lVwibQT6ISiPeIE4ua1P:pVzjsEJOyNP3PPwibQ2TIFX1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eacd1f588749c12e00f650efde056151_JaffaCakes118
Files
-
eacd1f588749c12e00f650efde056151_JaffaCakes118.exe windows:0 windows x86 arch:x86
4bda570ce112adc211f3bd7fa6b82f33
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetModuleHandleA
GetProcAddress
VirtualProtect
msvcrt
malloc
user32
MessageBoxA
Sections
.text Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.QW0 Size: - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.QW1 Size: - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.QW2 Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xiaohui Size: 6B - Virtual size: 6B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ