Sample
10f6c6f2b570cd1304687321236bc9a1_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
10f6c6f2b570cd1304687321236bc9a1_JaffaCakes118
-
Size
65KB
-
MD5
10f6c6f2b570cd1304687321236bc9a1
-
SHA1
13882a201c4016960e9e49f63e2c21ac3758f460
-
SHA256
01bfa822f5d8f9a38147af09d1326383e0aef022a783b1729087c97952e139e7
-
SHA512
344319c41518d0a78c7e67526b51fa6b9da93c8bba23f34f341d48b74991db0a9143c04670cb83364cb67337b8ac561579dbec806c4ec3912cc95b4ebed93f54
-
SSDEEP
1536:HNKHWMQ14SFSEy2lLYuyshS7tnbr2uqQ1e3DU/9lJV8K:yWJ14SFfyMLYKSVqxDcl5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
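Flags PE files that lack an Authenticode signature; this sample is unsigned. A missing signature is a weak indicator on its own, since many legitimate executables are also unsigned.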
resource 10f6c6f2b570cd1304687321236bc9a1_JaffaCakes118
Files
-
10f6c6f2b570cd1304687321236bc9a1_JaffaCakes118.exe windows:5 windows x86 arch:x86
7346577445516ad3e97d77238515bc17
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathIsURLW
PathFindFileNameW
StrDupW
StrCatBuffW
PathRemoveFileSpecA
PathSkipRootW
PathIsRootW
StrChrW
StrToIntW
StrToIntExW
SHDeleteValueA
PathFindExtensionW
SHStrDupW
PathFindExtensionA
StrCpyW
PathRemoveFileSpecW
StrRetToBufW
SHSetValueW
PathIsUNCW
PathGetDriveNumberW
StrCmpW
PathRemoveBlanksW
SHGetValueW
PathFileExistsW
StrCmpNIA
PathAppendA
UrlCanonicalizeW
StrCatW
PathRemoveBackslashW
msvcrt
_wsplitpath
strrchr
_CIpow
_unlock
_ltoa
wcsstr
_wfopen
_ultow
iswalpha
wcsncat
srand
_ftol
_c_exit
__set_app_type
_snprintf
fread
fflush
__initenv
__p__commode
isalnum
strstr
isdigit
iswspace
__setusermatherr
__p__fmode
_vsnprintf
fprintf
memset
kernel32
GetCurrentProcessId
SetEndOfFile
LeaveCriticalSection
GetConsoleOutputCP
ExitProcess
GetCommandLineA
lstrcpynA
InitializeCriticalSectionAndSpinCount
ResetEvent
GetCurrentThreadId
GetFileAttributesW
GetModuleFileNameA
DeleteFileW
CreateFileW
VirtualFree
lstrcpynW
GetThreadLocale
WriteFile
QueryPerformanceCounter
TlsSetValue
GetFileType
CompareStringW
GetCurrentThread
GetProcessHeap
HeapAlloc
lstrcmpW
VirtualQuery
CreateEventW
LoadLibraryW
FindResourceA
DeleteFileA
CreateMutexA
GetStringTypeW
SetErrorMode
VirtualAlloc
lstrcatA
DisableThreadLibraryCalls
GetExitCodeThread
lstrcatW
HeapReAlloc
GetSystemDirectoryA
SetStdHandle
SystemTimeToFileTime
GetStringTypeA
lstrcmpA
ole32
CreateILockBytesOnHGlobal
ReadFmtUserTypeStg
CoSetProxyBlanket
OleRun
PropVariantClear
CoInitializeSecurity
OleLoadFromStream
IIDFromString
ProgIDFromCLSID
PropVariantCopy
OleRegGetUserType
CoUnmarshalInterface
CoFreeUnusedLibraries
MkParseDisplayName
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoMarshalInterface
StgOpenStorage
CoCreateGuid
CreateOleAdviseHolder
GetRunningObjectTable
StgCreateDocfileOnILockBytes
OleSaveToStream
GetHGlobalFromStream
CreateBindCtx
CoRevokeClassObject
OleUninitialize
OleRegGetMiscStatus
StringFromCLSID
version
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueA
ntdll
RtlSetSaclSecurityDescriptor
RtlRaiseStatus
RtlValidSid
RtlInitializeCriticalSection
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
NtCreateSection
NtAdjustPrivilegesToken
NtDeleteValueKey
NtQueryVolumeInformationFile
NtCancelIoFile
RtlAcquireResourceShared
RtlSystemTimeToLocalTime
RtlUpcaseUnicodeChar
memmove
NlsMbCodePageTag
DbgBreakPoint
NlsMbOemCodePageTag
DbgPrint
RtlOpenCurrentUser
RtlAppendUnicodeStringToString
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 486B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ