Static task
static1
Behavioral task
behavioral1
Sample
0106206a2d27dd3eddf992f25f86b9af_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0106206a2d27dd3eddf992f25f86b9af_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
0106206a2d27dd3eddf992f25f86b9af_JaffaCakes118
Size
502KB
MD5
0106206a2d27dd3eddf992f25f86b9af
SHA1
b2218e4cc6a9dd818eaa9a2c8508240bf6bed13c
SHA256
d6d5215ec80b39791b629596c0e0e72169e5a132a2960c4f16b8b70932cec727
SHA512
4bd16221a7b93af7d40f8967bc4d3d420ec1db9e95cf5b77b9cc163cf0165f0e84853f897164a26d58610c242c5d5ad97c1e2ee7fcf04ccbdab89a90afe82c20
SSDEEP
12288:cHrlryaZCVvll3Rua25tam4KN/+jC4eeF9ig:chryGCXlwJbZ4KOC4eGi
Malware Config
Signatures
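Unsigned PE (1 IoC)
The file has no Authenticode signature. On its own this is a low-confidence indicator, since many legitimate binaries, including open-source builds, are also unsigned; weigh it together with the rest of the static data, such as the imports and the section flags (.text and .idata are both writable and executable).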
resource 0106206a2d27dd3eddf992f25f86b9af_JaffaCakes118
Files
0106206a2d27dd3eddf992f25f86b9af_JaffaCakes118.exe windows:4 windows x86 arch:x86
b58a75db4605f9712e5dee9529c42e97
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
cygwin1
__errno
__getreent
__main
__mb_cur_max
_ctype_
_fcntl64
_fdopen64
_fopen64
_freopen64
_fstat64
_getegid32
_geteuid32
_getgid32
_getgrent32
_getgroups32
_getpwuid32
_getuid32
_impure_ptr
_lseek64
_lstat64
_open64
_setgid32
_setregid32
_setreuid32
_setuid32
_stat64
abort
access
alarm
asprintf
atoi
bcopy
calloc
chdir
close
closedir
connect
cygwin_conv_to_full_posix_path
cygwin_conv_to_posix_path
cygwin_internal
dll_crt0__FP11per_process
dup
dup2
endgrent
endpwent
endservent
execve
exit
fclose
fflush
fgets
fileno
fork
fprintf
fputc
fputs
free
fwrite
getcwd
getdtablesize
gethostbyname
gethostname
getpeername
getpgrp
getpid
getppid
getrlimit
getrusage
getservbyname
getservent
gettimeofday
inet_aton
ioctl
isatty
iswctype
iswupper
kill
killpg
localtime
longjmp
malloc
mblen
mbrlen
mbrtowc
mbsinit
mbsrtowcs
mbstowcs
mbtowc
memcpy
memset
mkdir
opendir
pathconf
pipe
posix_regcomp
posix_regexec
posix_regfree
printf
putc
putchar
puts
qsort
read
readdir
realloc
realpath
sbrk
setdtablesize
setgrent
setjmp
setlocale
setmode
setpgid
setrlimit
setservent
setvbuf
sigaction
sigaddset
sigdelset
sigemptyset
sigprocmask
sleep
snprintf
socket
sprintf
strcasecmp
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncasecmp
strncmp
strncpy
strnlen
strpbrk
strrchr
strsignal
strstr
strtod
strtoimax
strtoul
strtoumax
sysconf
tcgetattr
tcgetpgrp
tcsetattr
tcsetpgrp
time
towlower
ttyname
tzset
umask
unlink
vfprintf
waitpid
wcschr
wcscmp
wcscoll
wcscpy
wcslen
wcsncmp
wcsrtombs
wctob
wctype
write
_fcntl64
_fdopen64
_fopen64
_freopen64
_fstat64
_getegid32
_geteuid32
_getgid32
_getgrent32
_getgroups32
_getpwuid32
_getuid32
_lseek64
_lstat64
_open64
posix_regcomp
posix_regexec
posix_regfree
_setgid32
_setregid32
_setreuid32
_setuid32
_stat64
dlclose
dlerror
dlopen
dlsym
cygintl-8
libintl_bindtextdomain
libintl_dgettext
libintl_gettext
libintl_textdomain
cygreadline6
add_history
append_history
clear_history
emacs_ctlx_keymap
emacs_meta_keymap
emacs_standard_keymap
free_history_entry
history_base
history_comment_char
history_expand
history_expansion_char
history_get
history_get_time
history_inhibit_expansion_function
history_is_stifled
history_length
history_list
history_max_entries
history_quotes_inhibit_expansion
history_search_delimiter_chars
history_set_pos
history_subst_char
history_tokenize
history_truncate_file
history_write_timestamps
previous_history
read_history
read_history_range
readline
remove_history
replace_history_entry
rl_add_defun
rl_add_undo
rl_attempted_completion_function
rl_attempted_completion_over
rl_basic_word_break_characters
rl_bind_key_if_unbound_in_map
rl_bind_key_in_map
rl_bind_keyseq_in_map
rl_char_is_quoted_p
rl_complete
rl_complete_internal
rl_completer_quote_characters
rl_completer_word_break_characters
rl_completion_append_character
rl_completion_entry_function
rl_completion_found_quote
rl_completion_mark_symlink_dirs
rl_completion_matches
rl_completion_mode
rl_completion_quote_character
rl_completion_suppress_append
rl_completion_suppress_quote
rl_completion_type
rl_crlf
rl_delete_text
rl_ding
rl_directory_completion_hook
rl_directory_rewrite_hook
rl_dispatching
rl_done
rl_editing_mode
rl_end
rl_executing_keymap
rl_explicit_arg
rl_filename_completion_desired
rl_filename_completion_function
rl_filename_dequoting_function
rl_filename_quote_characters
rl_filename_quoting_desired
rl_filename_quoting_function
rl_forced_update_display
rl_forward_word
rl_function_dumper
rl_function_of_keyseq
rl_funmap_names
rl_generic_bind
rl_get_keymap
rl_get_keymap_by_name
rl_get_previous_history
rl_ignore_some_completions_function
rl_initialize
rl_insert
rl_insert_text
rl_instream
rl_invoking_keyseqs
rl_last_func
rl_line_buffer
rl_list_funmap_names
rl_macro_dumper
rl_make_bare_keymap
rl_mark
rl_named_function
rl_newline
rl_num_chars_to_read
rl_on_new_line
rl_outstream
rl_parse_and_bind
rl_point
rl_push_macro_input
rl_read_init_file
rl_read_key
rl_readline_name
rl_readline_state
rl_redisplay
rl_reset_terminal
rl_set_key
rl_set_keymap
rl_set_screen_size
rl_special_prefixes
rl_startup_hook
rl_tab_insert
rl_terminal_name
rl_tilde_expand
rl_unbind_function_in_map
rl_unbind_key_in_map
rl_username_completion_function
rl_variable_bind
rl_variable_dumper
rl_variable_value
rl_vi_bWord
rl_vi_editing_mode
rl_vi_end_word
rl_vi_start_inserting
rl_yank_last_arg
stifle_history
tilde_additional_prefixes
tilde_additional_suffixes
tilde_expand
tilde_expansion_preexpansion_hook
unstifle_history
using_history
vi_insertion_keymap
vi_movement_keymap
where_history
write_history
tilde_expansion_preexpansion_hook
tilde_additional_prefixes
tilde_additional_prefixes
tilde_additional_suffixes
tilde_additional_suffixes
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_completer_word_break_characters
rl_basic_word_break_characters
rl_basic_word_break_characters
history_expansion_char
history_expansion_char
history_expansion_char
history_subst_char
history_subst_char
history_subst_char
history_comment_char
history_comment_char
history_write_timestamps
rl_filename_quoting_function
rl_filename_quoting_function
rl_filename_quoting_function
rl_filename_quoting_function
rl_filename_quoting_function
rl_filename_quoting_function
rl_filename_quoting_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_completion_entry_function
rl_filename_quoting_desired
rl_filename_quoting_desired
rl_filename_quoting_desired
rl_filename_quoting_desired
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_attempted_completion_function
rl_ignore_some_completions_function
rl_ignore_some_completions_function
rl_ignore_some_completions_function
rl_ignore_some_completions_function
rl_ignore_some_completions_function
rl_ignore_some_completions_function
rl_ignore_some_completions_function
rl_ignore_some_completions_function
history_quotes_inhibit_expansion
history_search_delimiter_chars
history_inhibit_expansion_function
history_inhibit_expansion_function
history_inhibit_expansion_function
history_base
history_base
history_base
history_base
history_base
history_base
history_base
history_base
rl_done
rl_done
rl_dispatching
rl_dispatching
rl_dispatching
vi_insertion_keymap
rl_special_prefixes
rl_terminal_name
rl_instream
rl_outstream
rl_outstream
rl_outstream
rl_outstream
rl_outstream
rl_outstream
rl_outstream
rl_readline_name
rl_readline_state
rl_readline_state
rl_readline_state
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_meta_keymap
emacs_ctlx_keymap
emacs_ctlx_keymap
emacs_ctlx_keymap
emacs_ctlx_keymap
emacs_ctlx_keymap
emacs_ctlx_keymap
emacs_ctlx_keymap
emacs_ctlx_keymap
emacs_ctlx_keymap
emacs_standard_keymap
vi_movement_keymap
vi_movement_keymap
vi_movement_keymap
vi_movement_keymap
vi_movement_keymap
vi_movement_keymap
rl_directory_completion_hook
rl_directory_completion_hook
rl_directory_completion_hook
rl_directory_completion_hook
rl_directory_completion_hook
rl_directory_completion_hook
rl_completer_quote_characters
rl_filename_quote_characters
rl_char_is_quoted_p
rl_filename_dequoting_function
rl_filename_dequoting_function
rl_filename_dequoting_function
rl_startup_hook
rl_startup_hook
rl_startup_hook
rl_startup_hook
rl_startup_hook
rl_startup_hook
rl_startup_hook
rl_startup_hook
history_length
history_length
history_length
history_length
history_length
history_length
history_max_entries
rl_explicit_arg
rl_explicit_arg
rl_explicit_arg
rl_explicit_arg
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_line_buffer
rl_end
rl_end
rl_end
rl_end
rl_end
rl_end
rl_end
rl_end
rl_end
rl_end
rl_end
rl_end
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_point
rl_mark
rl_completion_found_quote
rl_completion_found_quote
rl_completion_found_quote
rl_completion_quote_character
rl_completion_quote_character
rl_completion_quote_character
rl_completion_quote_character
rl_completion_quote_character
rl_completion_quote_character
rl_directory_rewrite_hook
rl_completion_suppress_append
rl_completion_suppress_append
rl_completion_suppress_append
rl_filename_completion_desired
rl_filename_completion_desired
rl_filename_completion_desired
rl_filename_completion_desired
rl_completion_type
rl_attempted_completion_over
rl_completion_suppress_quote
rl_completion_append_character
rl_last_func
rl_editing_mode
rl_editing_mode
rl_editing_mode
rl_editing_mode
rl_executing_keymap
rl_completion_mark_symlink_dirs
rl_num_chars_to_read
rl_num_chars_to_read
rl_num_chars_to_read
kernel32
GetModuleHandleA
Sections
.text Size: 357KB - Virtual size: 356KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 12KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 58KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE