Static task: static1
Behavioral task: behavioral1 (Sample: f55ce56a4c02445219fe1e00c6b0df1c_JaffaCakes118.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: f55ce56a4c02445219fe1e00c6b0df1c_JaffaCakes118.exe, Resource: win10v2004-20240802-en)
General
Target: f55ce56a4c02445219fe1e00c6b0df1c_JaffaCakes118
Size: 239KB
MD5: f55ce56a4c02445219fe1e00c6b0df1c
SHA1: 581dc1b1144c9f52ecb374a9ecdf198ea23fe112
SHA256: 0e0885d580cde4a73db74f696a72bc88811f1ad1ad4666fbcaefc21e9de65d06
SHA512: c93ad52c260202bbdc7b2b90cb705b5a1b9dc6abe70c2b2d2088c9872b49ad0937f2501d8f121c7a3e2708b3b39dcc9dca6c93791f63b390a366a498c5b4d631
SSDEEP: 3072:DbWAs+Vduh2r7n9dOElSJG2pwDcIPMpnEJ+iNwssJOUPR/mH6Fd/NpDKjBW:D6A1Qh2f9d8G2pHtJqcMUpHLKjk
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: f55ce56a4c02445219fe1e00c6b0df1c_JaffaCakes118
Files
f55ce56a4c02445219fe1e00c6b0df1c_JaffaCakes118.exe  windows:6 windows x86 arch:x86
5d1fb35cc7629e036ea8fb58c24265ca
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt: swprintf_s, _scwprintf, _vsnprintf_s, _scprintf, _vscprintf, sprintf_s, _swprintf
ntdll: NtFreeVirtualMemory, RtlQueryDepthSList, RtlInitializeSListHead, RtlIpv4StringToAddressA, RtlIpv4StringToAddressW, NtQuerySystemInformation, RtlGetNtVersionNumbers, RtlNtStatusToDosError, RtlSetIoCompletionCallback, ZwDeleteValueKey, ZwQuerySystemInformation, RtlAdjustPrivilege, ZwSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, NtOpenProcess, RtlEqualSid, RtlCopySid, RtlSubAuthorityCountSid, vsprintf_s, vswprintf_s, RtlRandomEx, RtlSubAuthoritySid, RtlInitializeSid, RtlLengthRequiredSid, wcstoul, wcschr, memset, ZwQueryValueKey, RtlInterlockedPopEntrySList, RtlInterlockedPushEntrySList, RtlTimeFieldsToTime, _wcsicmp, NtSetInformationFile, ZwDeleteFile, NtWriteFile, NtCreateFile, RtlInitUnicodeString, RtlNtStatusToDosErrorNoTeb, RtlGetLastNtStatus, ZwOpenKey, ZwCreateKey, memcpy, _alloca_probe, _allmul, RtlLengthSid, ZwSetValueKey, NtClose, ZwDeleteKey, ZwEnumerateKey, ZwQueryKey, ZwOpenKeyEx, DbgPrint, strtoul, RtlTimeToTimeFields
kernel32: TlsSetValue, TlsAlloc, TlsGetValue, GetProcessHeap, HeapAlloc, HeapFree, LocalAlloc, CreateEventW, IsWow64Process, GetCommandLineW, ExitProcess, LoadResource, RaiseException, CreateTimerQueueTimer, DeleteTimerQueueTimer, SetHandleInformation, TlsFree, InterlockedExchange, SizeofResource, FindResourceW, CreateThread, CreateProcessW, SearchPathW, MultiByteToWideChar, FreeLibrary, GetProcAddress, LoadLibraryA, GetLastError, GetTickCount, GetCurrentThreadId, WideCharToMultiByte, GetModuleFileNameW, GetEnvironmentVariableW, CopyFileExW, DeleteFileW, GetTickCount64, GetSystemTimeAsFileTime, FormatMessageW, GetModuleHandleW, LocalFree, LoadLibraryW
user32: GetAncestor, PostMessageW, SendMessageW, MessageBoxIndirectW, SetFocus, GetDlgItem, GetDlgCtrlID, GetSysColor, GetSysColorBrush, SetDlgItemTextW, ShowWindow, EnableWindow, CheckDlgButton, IsDlgButtonChecked, SetWindowTextW, GetDlgItemTextW, GetWindowTextLengthW, GetWindowTextW, GetSystemMetrics, FillRect, EndDialog, GetClientRect, GetDC, ReleaseDC, SendDlgItemMessageW, PostThreadMessageW, BeginPaint, EndPaint, SetWindowLongW, GetWindowLongW, CreateDialogParamW, DialogBoxParamW, GetWindow, GetWindowRect, ScreenToClient, LoadImageW, DestroyIcon
gdi32: SelectObject, SetBkMode, SetTextColor, DeleteObject, GetObjectW, CreateDIBSection, CreateCompatibleDC, CreateFontIndirectW, GdiAlphaBlend, DeleteDC
comctl32: ord17
advapi32: LsaOpenPolicy, LsaQueryInformationPolicy, LsaLookupSids, LsaFreeMemory, LsaClose
bcrypt: BCryptCreateHash, BCryptHashData, BCryptGenRandom, BCryptOpenAlgorithmProvider, BCryptCloseAlgorithmProvider, BCryptDestroyHash, BCryptFinishHash
crypt32: CryptBinaryToStringW, CryptStringToBinaryW, CertFreeCertificateContext, CryptBinaryToStringA
ws2_32: WSARecv, WSASend, WSAIoctl, WSAGetLastError, WSAStartup, WSARecvFrom, WSASendTo, bind, closesocket, WSASocketW, WSACleanup
mswsock: GetAcceptExSockaddrs
secur32: EncryptMessage, AcceptSecurityContext, QueryContextAttributesW, FreeContextBuffer, DeleteSecurityContext, AcquireCredentialsHandleW, FreeCredentialsHandle, InitializeSecurityContextW, DecryptMessage
ole32: CoUninitialize, CoCreateInstance, CoInitialize
samlib: SamFreeMemory, SamEnumerateAliasesInDomain, SamQueryDisplayInformation, SamCloseHandle, SamOpenDomain, SamConnect
Sections
.text   Size: 32KB  - Virtual size: 31KB   - IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 168KB - Virtual size: 168KB  - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 512B  - Virtual size: 1KB    - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 35KB  - Virtual size: 34KB   - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 2KB   - Virtual size: 2KB    - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ