Static task: static1
Behavioral task: behavioral1
Sample: 13c3622616514fdda0d8c41f9e7e3408_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 13c3622616514fdda0d8c41f9e7e3408_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 13c3622616514fdda0d8c41f9e7e3408_JaffaCakes118
Size: 820KB
MD5: 13c3622616514fdda0d8c41f9e7e3408
SHA1: 8bd5cb4bf491836f8f8d018bb17788cc57c96192
SHA256: 8dd126deff52ecf04defe339de20048d0a8ef6e1e43df20c65d7acf1db515188
SHA512: 97f63c7f3c3dc1d0e5b9dcfff33d2fed2bbeac46786cc4f10ffb5520e97569d51ba176aa3b5ae1488789b1b1a3a0bac2442b16902ee59b63aa05fd4afa909637
SSDEEP: 12288:uvFWiaPkToGrnb4o6rSsf60oZaOzvPAeDxx00iCsZuKWYLReWGFk+0DLDZkXeuIZ:vi3vrbMwPA+xx3iCs8jHNFivDCBIF86
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 13c3622616514fdda0d8c41f9e7e3408_JaffaCakes118
Files
13c3622616514fdda0d8c41f9e7e3408_JaffaCakes118.exe windows:4 windows x86 arch:x86
b5066e35dd091808cdb9107bc584dcd2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVolumeInformationA
GetFileType
VirtualFree
GetSystemTime
OpenMutexW
lstrcpynA
GetDriveTypeW
WriteFile
lstrcpynA
VirtualProtectEx
GetCurrentThreadId
GetDiskFreeSpaceW
lstrcpynA
GetCurrentDirectoryA
lstrcmpW
GetPrivateProfileIntA
lstrcpynA
ReadConsoleA
lstrcpynA
Heap32Next
GetModuleHandleA
lstrcpynA
FindFirstVolumeW
lstrcpynA
lstrcpynA
SetThreadPriority
lstrcpynA
lstrcpynA
lstrcatA
d3d8
DebugSetMute
ValidatePixelShader
Direct3DCreate8
ValidateVertexShader
Sections
.text Size: 18KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.hdata Size: 796KB - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ydata Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ