Static task: static1
Behavioral task: behavioral1
Sample: ef52bb6edfe9442ab50db27c3f7ebaf9_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ef52bb6edfe9442ab50db27c3f7ebaf9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ef52bb6edfe9442ab50db27c3f7ebaf9_JaffaCakes118
Size: 575KB
MD5: ef52bb6edfe9442ab50db27c3f7ebaf9
SHA1: 8f3e7f0e0c16debb3299c56d2dd08e92ea283df7
SHA256: 0d9d5f0e534f3438e0e7d3973c0840ed2d880ef8a37b2e561e68608e7578db57
SHA512: b5b0f50995ad49750e6342c66f2f9ac07a2a8a4e4c17c445368d10f24e58bbac31dd373e8c53365f3335cc70f34ce0a0ea9e9e99807373c972511d26020784c8
SSDEEP: 12288:yjC03bZ4iyiqXTHddC4UmhozcAWfaP5RzdGXM3KBf/sLoea8APbg0KS:2P94BDH/C6hBHSPHz4XMJuTES
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ef52bb6edfe9442ab50db27c3f7ebaf9_JaffaCakes118
Files
ef52bb6edfe9442ab50db27c3f7ebaf9_JaffaCakes118.exe windows:4 windows x86 arch:x86
acd9fa3a74cc4c1d92998e6ad62eeb8f
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_BYTES_REVERSED_LO
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
  VirtualFree
  VirtualAlloc
  ExitProcess
  GetProcAddress
  LoadLibraryExA
  GetModuleHandleA
  VirtualProtect
  GetModuleFileNameA
  FreeLibrary
  LoadLibraryA
user32
  wsprintfA
  MessageBoxA
Sections
.data Size: - Virtual size: 764KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.pdata Size: 536KB - Virtual size: 536KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.ex_cod Size: 7KB - Virtual size: 7KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 30KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ