Static task
static1
Behavioral task
behavioral1
Sample
0b4e03183856dca1d7ad1e9dd56e76ab_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0b4e03183856dca1d7ad1e9dd56e76ab_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
0b4e03183856dca1d7ad1e9dd56e76ab_JaffaCakes118
Size
817KB
MD5
0b4e03183856dca1d7ad1e9dd56e76ab
SHA1
b7981a6e7408404fcb57011185b9b28ce343f261
SHA256
ab0cdd23b1b3ffe3ae45769ba544688f339eea285ed1ca53d2b7a7586868dde1
SHA512
863016529b845bc9dd27ded22b5975a108cbf5f14cb3d97637c62fafe3f20a7963fc8a3d0ce5a3a565a0b38b1453ebbb6e625362beaae07f31400216d9cf1868
SSDEEP
12288:8siRcctim2rE+kOKK/yTnjdBgNRUD+umOE0zR0LaD1mcdYtUnHHfq:8sVctiTE+nKIOnxSRU9mczR0q/wGfq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0b4e03183856dca1d7ad1e9dd56e76ab_JaffaCakes118
Files
0b4e03183856dca1d7ad1e9dd56e76ab_JaffaCakes118.exe windows:4 windows x86 arch:x86
2dfdbdfcb2e2ba7aae961c2da44291ed
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
lstrcatA
GetCommandLineW
lstrcpynA
GetFileType
lstrcpynA
GetDiskFreeSpaceW
OpenMutexW
VirtualProtectEx
lstrcpynA
lstrcpynA
lstrcpynA
lstrcmpA
GetPrivateProfileIntA
VirtualFree
lstrcpynA
CreateDirectoryW
lstrcpynA
ReadConsoleA
DeleteFileW
ReadFile
GetFileSize
SetThreadPriority
GetCurrentDirectoryA
GetCurrentThreadId
GetModuleHandleA
lstrcpynA
FormatMessageW
lstrcpynA
lstrcpynA
certmgr
DllRegisterServer
DllCanUnloadNow
DllGetClassObject
DllUnregisterServer
Sections
.text Size: 17KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 795KB - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ