Static task: static1
Behavioral task: behavioral1
Sample: eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118
Size: 187KB
MD5: eb3c40dbd32e5d204a469aad49ff8411
SHA1: 8310f18ed46a22358532018b2a13abde775d420e
SHA256: 4d7d696f8fd6bdf7940e281262fe59780645f02a90633a2d999cb94cedeb17c0
SHA512: 43e2e944ed4240bc1499fd9aa16250301e4fe75d6488fa0cdde0538e7b922aec580a887583482cbbdfa3ec28ec8c428a6dc1aedcbce4c195e1d9edd9d4c98205
SSDEEP: 3072:bnd550ZpLaL3lyg+2I7gw4J9k5iH8zhT7sx01+C5Gvgqp:yZpq3YgBI7n4Ji53zhX801+0M
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118
Files
eb3c40dbd32e5d204a469aad49ff8411_JaffaCakes118.exe windows:4 windows x86 arch:x86
315f7966d68e14de65e8c0277a13be11
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
imm32
ImmAssociateContext
kernel32
CreateFileW
SetProcessPriorityBoost
CreateProcessW
GlobalAlloc
ReadFile
InterlockedDecrement
GetModuleFileNameW
EnumResourceTypesA
Sleep
TerminateThread
WriteFile
GlobalLock
GetStdHandle
CreateEventW
DeleteCriticalSection
GlobalUnlock
ole32
GetHGlobalFromILockBytes
CoTaskMemFree
StringFromGUID2
Sections
.text Size: 121KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 652B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ