Static task: static1
Behavioral task: behavioral1
  Sample: eb48ae76088cfa8a1ad146b1742d3021_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: eb48ae76088cfa8a1ad146b1742d3021_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: eb48ae76088cfa8a1ad146b1742d3021_JaffaCakes118
- Size: 329KB
- MD5: eb48ae76088cfa8a1ad146b1742d3021
- SHA1: 86e08cb4f704afd6e0639771af9707e37829748e
- SHA256: e21f74b91c0e2ba6588835d2023dd7728d115230d69eede76906ee242232a740
- SHA512: fc155c2d5e64092eb0b8db35d22b3489e2fe7a824b5cfdde756b61fa5f60403e8f10d6860c3d6d80534852a701c377945521f09efd581060a8fee69a4eece8dd
- SSDEEP: 6144:bsvojo1YwlKKi9lZyGCAELt0GZYnRnwM5g/+FnIzqARsCvxXM:mn1YwlKKi9lZhCAEiGaRn/iGQ3xX
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource eb48ae76088cfa8a1ad146b1742d3021_JaffaCakes118
Files
- eb48ae76088cfa8a1ad146b1742d3021_JaffaCakes118.exe windows:5 windows x86 arch:x86
  58d030a89d7fd8ac2c368285ba31e152
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
cryptdll
MD5Init
CDBuildIntegrityVect
MD5Update
CDLocateCSystem
CDFindCommonCSystemWithKey
CDGenerateRandomBits
CDLocateCheckSum
MD5Final
msvcrt
wcscat
wcscmp
_stricmp
_vsnprintf
free
strrchr
wcstoul
wcscpy
wcslen
wcsspn
swprintf
strchr
wcsrchr
qsort
_strnicmp
_ultoa
malloc
_adjust_fdiv
sprintf
_initterm
_wcsnicmp
sscanf
_except_handler3
_strcmpi
_wcsicmp
ntdll
NtQueryInformationToken
RtlFreeSid
RtlAddAccessAllowedAce
RtlConvertSidToUnicodeString
RtlRegisterWait
RtlLookupElementGenericTable
RtlCreateSecurityDescriptor
RtlDeregisterWait
NtCreateEvent
RtlEnterCriticalSection
RtlCreateAcl
NtOpenProcessToken
NtOpenThreadToken
NtClose
NtOpenEvent
RtlEqualSid
RtlDowncaseUnicodeString
RtlOemStringToUnicodeString
RtlSubAuthoritySid
RtlSetDaclSecurityDescriptor
RtlUpcaseUnicodeString
RtlLeaveCriticalSection
RtlIntegerToUnicodeString
RtlAllocateAndInitializeSid
RtlEraseUnicodeString
RtlVerifyVersionInfo
RtlLookupElementGenericTableAvl
RtlCreateTimer
RtlReleaseResource
RtlGetElementGenericTable
RtlDeleteCriticalSection
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlEqualUnicodeString
RtlCopySid
RtlLengthSid
RtlDeleteTimerQueue
RtlCopyLuid
RtlFreeAnsiString
NtDuplicateObject
NtAllocateVirtualMemory
RtlInitUnicodeString
DbgPrint
RtlPrefixUnicodeString
RtlCompareUnicodeString
RtlInsertElementGenericTableAvl
VerSetConditionMask
RtlRunDecodeUnicodeString
RtlAnsiStringToUnicodeString
RtlLengthRequiredSid
RtlCreateTimerQueue
NtQuerySystemTime
RtlTimeFieldsToTime
RtlValidSid
RtlNtStatusToDosError
RtlInitializeGenericTableAvl
RtlUnicodeStringToAnsiString
RtlEqualDomainName
RtlInitAnsiString
RtlConvertSharedToExclusive
RtlAppendUnicodeStringToString
RtlAcquireResourceExclusive
RtlInitializeSid
RtlFreeUnicodeString
RtlCopyUnicodeString
RtlInitializeGenericTable
NtAllocateLocallyUniqueId
NtWaitForSingleObject
NtSetSecurityObject
NtQuerySystemInformation
RtlSystemTimeToLocalTime
RtlInitializeCriticalSection
RtlAcquireResourceShared
RtlTimeToTimeFields
RtlInitializeResource
RtlUniform
RtlCompareMemory
RtlSubAuthorityCountSid
msasn1
ASN1intxisuint32
ASN1BEREncU32
ASN1BEREncS32
ASN1BERDecOpenType2
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1BEREncObjectIdentifier
ASN1_CloseDecoder
ASN1BERDecBool
ASN1DecAlloc
ASN1bitstring_free
ASN1octetstring_free
ASN1BERDecEndOfContents
ASN1BEREncOctetString
ASN1_FreeEncoded
ASN1BERDecPeekTag
ASN1BERDecU32Val
ASN1charstring_free
ASN1_Encode
ASN1ztcharstring_free
ASN1_FreeDecoded
ASN1DecSetError
ASN1objectidentifier_free
ASN1BERDecSXVal
ASN1BERDecOctetString
ASN1BEREncOpenType
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecGeneralizedTime
ASN1_CreateEncoder
ASN1BERDecSkip
ASN1CEREncGeneralizedTime
ASN1BEREncEndOfContents
ASN1BEREncBitString
ASN1intx_setuint32
ASN1_CloseEncoder
ASN1Free
ASN1EncSetError
ASN1BERDecObjectIdentifier
ASN1BERDecS32Val
ASN1intx2uint32
ASN1intx_free
ASN1intx2int32
ASN1BEREncCharString
ASN1BEREncBool
ASN1_Decode
ASN1BEREncExplicitTag
ASN1_CreateDecoder
ASN1BEREncSX
ASN1BERDecBitString
ASN1BERDecZeroCharString
secur32
CredUnmarshalTargetInfo
CredMarshalTargetInfo
FreeContextBuffer
LsaFreeReturnBuffer
LsaGetLogonSessionData
advapi32
CryptHashData
RegConnectRegistryW
GetTokenInformation
CredFree
RegCreateKeyExW
ReportEventW
RegisterTraceGuidsW
CredUnmarshalCredentialW
OpenThreadToken
TraceEvent
RegOpenKeyW
RegCloseKey
RegQueryValueExW
CryptAcquireContextW
DeregisterEventSource
RegEnumKeyExW
CryptSetProvParam
RegisterEventSourceW
QueryServiceConfigW
SystemFunction007
SetThreadToken
GetTraceLoggerHandle
RegOpenKeyExW
AllocateAndInitializeSid
CryptGetProvParam
CryptGetHashParam
CryptCreateHash
OpenSCManagerW
RegDeleteValueW
FreeSid
OpenProcessToken
RegQueryInfoKeyW
QueryServiceStatus
CryptReleaseContext
CryptDestroyHash
RevertToSelf
OpenServiceW
RegSetValueExW
CloseServiceHandle
LookupAccountSidW
RegNotifyChangeKeyValue
SystemFunction006
kernel32
GetModuleHandleW
UnregisterWait
GetEnvironmentVariableW
FormatMessageW
CreateFileMappingW
LoadLibraryA
SetUnhandledExceptionFilter
InterlockedCompareExchange
CreateFileW
UnmapViewOfFile
LeaveCriticalSection
CreateEventW
GetCurrentProcess
SetEvent
RegisterWaitForSingleObjectEx
OpenEventW
FreeLibrary
GetSystemInfo
InterlockedExchange
GetCurrentThread
InterlockedExchangeAdd
VirtualAlloc
GetLocalTime
MapViewOfFileEx
CloseHandle
lstrcmpW
MultiByteToWideChar
ExpandEnvironmentStringsW
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte
LoadLibraryW
CreateFileA
DebugBreak
LocalAlloc
GetTickCount
InitializeCriticalSection
OutputDebugStringA
GetComputerNameExW
GetModuleFileNameA
GetACP
RaiseException
lstrcpyW
FileTimeToSystemTime
QueryPerformanceCounter
GetModuleFileNameW
InterlockedIncrement
lstrlenW
GetProfileStringA
TerminateProcess
GetLastError
DeleteCriticalSection
lstrcmpiA
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
EnterCriticalSection
LocalFree
lstrlenA
UnhandledExceptionFilter
GetCurrentProcessId
WriteFile
OpenFileMappingW
GetComputerNameW
GetProcAddress
Sleep
user32
CharLowerBuffW
wsprintfW
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE