c:\Or\Your.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2bf17470d8fbe53f19be2e57ab39baa0_JaffaCakes118.dll
Resource
win7-20240903-en
General
Target
2bf17470d8fbe53f19be2e57ab39baa0_JaffaCakes118
Size
248KB
MD5
2bf17470d8fbe53f19be2e57ab39baa0
SHA1
01c4f5deb04cddfb24fb7a048ef43b7c805046b9
SHA256
767a4937aea1249ea07aebfb62d9558287731e47dae4a6d6cbc6d8c286ac5ab2
SHA512
330035c2e2c0fb13719ade33af23e1fe0c480ddbc97e073eab6d4a91566fd1f05bf84f3c2371727552e96c8f111fc183e7b79673e7f0d5ff1d215985057de735
SSDEEP
6144:t8fkOEpGqQvFKhUM4yyhpokJ7UyocYSuv:TiwhUiyVxd2v
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2bf17470d8fbe53f19be2e57ab39baa0_JaffaCakes118
Files
2bf17470d8fbe53f19be2e57ab39baa0_JaffaCakes118.dll windows:4 windows x86 arch:x86
7de57e2e34f3208b02fad8b591a82fcf
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
LocalAlloc
CreateFileW
SetLastError
FindResourceW
LoadResource
LockResource
FreeResource
OutputDebugStringA
FreeLibrary
GetVersion
GetUserDefaultLCID
IsBadReadPtr
RaiseException
GetStringTypeExA
DuplicateHandle
OpenProcess
CreateFileMappingA
MapViewOfFile
MoveFileW
FindNextFileW
GetFileInformationByHandle
GetTempPathW
RemoveDirectoryW
CreateDirectoryW
GetModuleHandleW
GetVolumeInformationW
LoadLibraryW
GetComputerNameExW
FindFirstFileW
VirtualLock
GetCurrentThread
ReadFile
LeaveCriticalSection
EnterCriticalSection
ResetEvent
DeleteCriticalSection
WaitForMultipleObjectsEx
GetProcAddress
CreateFileA
DeviceIoControl
GetOverlappedResult
GetLastError
Sleep
InterlockedCompareExchange
DisableThreadLibraryCalls
IsDebuggerPresent
ExitProcess
CloseHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
SetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualQuery
InterlockedExchange
RtlUnwind
HeapReAlloc
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
SetFilePointer
HeapAlloc
VirtualFree
GetStartupInfoA
GetFileType
SetHandleCount
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
GetStdHandle
WriteFile
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
lstrcpyA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
LocalFree
FindFirstFileA
FindClose
lstrlenA
VirtualProtect
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStringsW
HeapFree
IsBadCodePtr
GetExitCodeThread
QueryPerformanceFrequency
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
TlsSetValue
TlsGetValue
TlsAlloc
GetEnvironmentVariableW
GetLocaleInfoW
GetModuleFileNameW
OutputDebugStringW
WriteConsoleW
GetConsoleCP
GetConsoleMode
TlsFree
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
SetEndOfFile
GetLocaleInfoA
GetProcessHeap
user32
LoadStringW
GetKeyboardType
advapi32
SetSecurityDescriptorOwner
MapGenericMask
AccessCheck
GetFileSecurityW
OpenThreadToken
ImpersonateLoggedOnUser
AddAccessAllowedAce
InitializeAcl
GetLengthSid
FreeSid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExA
GetTokenInformation
EqualSid
GetExplicitEntriesFromAclW
GetSecurityDescriptorControl
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW
SetSecurityDescriptorControl
RegEnumKeyA
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RevertToSelf
ole32
CoQueryProxyBlanket
CoInitialize
CoUninitialize
CoSetProxyBlanket
oleaut32
SysFreeString
msvcrt
_vsnwprintf
Exports
IndividuallyCALs
InstancesForSoftware
InstancesMust
NeedIndirectlyYou
NeedOtherwise
ServersOf
ThroughYourUserOnlyDevice
YourToServer
Sections
.text Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ