Static task: static1
Behavioral task: behavioral1
  Sample: 174c745666cfc7942c77f5b2136da950_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 174c745666cfc7942c77f5b2136da950_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 174c745666cfc7942c77f5b2136da950_JaffaCakes118
Size: 862KB
MD5: 174c745666cfc7942c77f5b2136da950
SHA1: 5f3e9a07ffd8ba17f92e7010a4139040b230d16f
SHA256: 7bec10ebc46e8ff2fb6787aa827cc33148d056e0ec9ee2822f4d2089e1772b14
SHA512: d8b66919b1ed689fc1b68ac4edbf82e9051e6d134341e64312ba7ed0c495e9bee58961fc4281fc409b739af67fff33d9dd9674beb04be7faa0f7b22875172242
SSDEEP: 24576:QbzJkOR+iaKqU0SzBwL8QPgzl8Wf0ZaKbEyV:QXJk0QUPG8QIx8cy
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 174c745666cfc7942c77f5b2136da950_JaffaCakes118
Files
174c745666cfc7942c77f5b2136da950_JaffaCakes118.exe windows:5 windows x86 arch:x86
d1187503cf970dcb02f98a9b30bd54c5
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
linkinfo:
CompareLinkInfoVolumes
DisconnectLinkInfo
GetCanonicalPathInfoW
GetCanonicalPathInfo
CreateLinkInfo
ResolveLinkInfoW
GetCanonicalPathInfoA
IsValidLinkInfo
CreateLinkInfoA
ResolveLinkInfo
GetLinkInfoData
CreateLinkInfoW
DestroyLinkInfo
CompareLinkInfoReferents
ResolveLinkInfoA
advapi32:
CryptCreateHash
IsValidSid
AdjustTokenPrivileges
SystemFunction003
CryptDuplicateHash
DestroyPrivateObjectSecurity
SystemFunction015
OpenTraceW
ConvertSecurityDescriptorToStringSecurityDescriptorA
CreateServiceW
CredpConvertTargetInfo
GetWindowsAccountDomainSid
AccessCheckByTypeResultListAndAuditAlarmByHandleW
ObjectDeleteAuditAlarmW
QueryServiceLockStatusA
LsaLookupNames
RegFlushKey
AddAccessAllowedAce
CredRenameA
ElfBackupEventLogFileW
CloseServiceHandle
GetSecurityInfoExW
SystemFunction041
SetAclInformation
SetSecurityDescriptorSacl
GetMultipleTrusteeOperationW
LsaEnumeratePrivilegesOfAccount
GetSidLengthRequired
BuildTrusteeWithSidW
ElfOpenEventLogA
OpenBackupEventLogA
OpenServiceA
GetServiceKeyNameW
WmiNotificationRegistrationW
I_ScSetServiceBitsW
GetTokenInformation
WmiQuerySingleInstanceMultipleW
GetSecurityDescriptorOwner
GetTrusteeFormW
crtdll:
wprintf
ungetc
_setjmp
localeconv
pow
iswcntrl
_pclose
memcpy
rename
_spawnvp
_mbsinc
fgetpos
_execlp
_beep
_cpumode_dll
freopen
_mbsncmp
_spawnv
vswprintf
_getcwd
_CIlog
_ismbcl0
_dup2
_snprintf
toupper
_tempnam
wcsspn
_chdrive
strcpy
perror
_CIlog10
_spawnve
tmpfile
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_sopen
oleaut32:
VarCyNeg
VarBstrFromR4
VarCyFromUI8
VarCyFromI1
VarCyMulI8
VarI1FromCy
VarI8FromUI1
SafeArrayGetElemsize
VarI4FromUI2
SafeArrayDestroyDescriptor
VarUI8FromR8
VarDecAdd
LPSAFEARRAY_Marshal
LoadRegTypeLib
SetVarConversionLocaleSetting
VarUI4FromI2
VARIANT_UserMarshal
VarR8FromBool
VarCyFromUI1
VarI2FromI4
VarBoolFromUI4
VarUI8FromUI4
VarMul
VarCyFromDate
SysAllocString
VarAnd
VarUI2FromStr
OaBuildVersion
VarCySub
VarImp
VarR4FromR8
VarR4FromCy
VarI4FromStr
VarR4FromDec
DispGetParam
VarCyFromUI4
VarUI1FromDec
VarI2FromR4
VarFormatCurrency
VarI1FromI2
msoert2:
CleanupFileNameInPlaceA
WriteStreamToFile
HrSetDirtyFlagImpl
FIsValidFileNameCharA
OpenFileStreamShareW
HrBSTRToLPSZ
HrCopyStream
HrGetCertificateParam
FIsHTMLFile
UlStripWhitespace
HrStreamSeekCur
FBuildTempPathW
IDrawText
FIsValidFileNameCharW
PszToUnicode
IUnknownList_CreateInstance
HrCopyStreamCB
MessageBoxInstW
HrIsStreamUnicode
PszSkipWhiteA
HrGetElementImpl
CchFileTimeToDateTimeW
fGetBrowserUrlEncoding
HrStreamSeekEnd
HrLPSZToBSTR
IsValidFileIfFileUrlW
CreateSystemHandleName
FIsEmptyA
OpenFileStream
HrIStreamWToBSTR
CrackNotificationPackage
CryptAllocFunc
wintrust:
CryptCATVerifyMember
WVTAsn1SpcLinkDecode
CryptCATCDFEnumMembers
WVTAsn1SpcSpOpusInfoEncode
TrustIsCertificateSelfSigned
WintrustAddActionID
mssip32DllRegisterServer
CryptCATCDFOpen
WVTAsn1CatMemberInfoDecode
CryptCATAdminAddCatalog
DriverInitializePolicy
CryptCATAdminAcquireContext
CryptCATAdminRemoveCatalog
SoftpubDefCertInit
WTHelperGetProvCertFromChain
WintrustCertificateTrust
WVTAsn1SpcSigInfoDecode
WintrustRemoveActionID
IsCatalogFile
DriverCleanupPolicy
CryptCATStoreFromHandle
WVTAsn1SpcSigInfoEncode
CryptSIPGetRegWorkingFlags
WTHelperGetAgencyInfo
SoftpubCheckCert
WTHelperGetProvSignerFromChain
WVTAsn1SpcStatementTypeDecode
CryptCATCDFClose
WVTAsn1CatMemberInfoEncode
mssip32DllUnregisterServer
FindCertsByIssuer
MsCatFreeHashTag
WVTAsn1SpcLinkEncode
HTTPSCertificateTrust
OfficeCleanupPolicy
WVTAsn1SpcIndirectDataContentEncode
kernel32:
DeleteFileA
FillConsoleOutputCharacterW
GlobalCompact
GetOEMCP
VirtualAlloc
DeleteVolumeMountPointA
TerminateThread
EnterCriticalSection
VirtualQuery
OpenFileMappingW
ConvertDefaultLocale
LoadLibraryA
ExitProcess
EnumSystemCodePagesA
QueryDosDeviceA
GetConsoleProcessList
HeapDestroy
GetTimeZoneInformation
PrivCopyFileExW
GetModuleHandleW
WritePrivateProfileSectionA
GetProcessTimes
MapUserPhysicalPagesScatter
LeaveCriticalSection
FileTimeToSystemTime
QueryPerformanceFrequency
Heap32First
GetSystemWow64DirectoryA
CloseHandle
DeleteCriticalSection
FreeLibrary
CreateWaitableTimerW
GetTimeFormatW
GetFullPathNameW
Sections
.text Size: 48KB - Virtual size: 48KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 298KB - Virtual size: 298KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 511KB - Virtual size: 1.9MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ