Static task
static1
Behavioral task
behavioral1
Sample
3a8ac6713590d599b0cc2e239ae986e7_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3a8ac6713590d599b0cc2e239ae986e7_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
3a8ac6713590d599b0cc2e239ae986e7_JaffaCakes118
-
Size
125KB
-
MD5
3a8ac6713590d599b0cc2e239ae986e7
-
SHA1
8b81b421564e5d8daebb8b0556a62c431a23063f
-
SHA256
95274454dd6dae4aac06646e4e692fcb949e1aec25271cbb2a3f1fc07b9b0c7a
-
SHA512
f7aecb231694abf12641ceb9df293d3c299b58bb16c8375595b0659fd54b3faab3da05c7f3ddc7cd6102a2491a2d8edb34aff36b1bb9dbe594542f6c18371155
-
SSDEEP
3072:67AAaZy8ZeNFrrA5HHR1cdSNgpU/GBD4deDcz7i+:0eE8ZqIv6psrEwi+
Malware Config
Signatures
-
Unsigned PE 1 IoCs
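Checks for a missing Authenticode signature: the PE file carries no embedded code-signing signature, so its publisher and integrity cannot be verified from the file itself. On its own this is a weak indicator, since many benign binaries are also unsigned.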
resource 3a8ac6713590d599b0cc2e239ae986e7_JaffaCakes118
Files
-
3a8ac6713590d599b0cc2e239ae986e7_JaffaCakes118.exe windows:4 windows x86 arch:x86
d86b50cbdaa72970ec191a80ec85b6cb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcp60
_Toupper
kernel32
GetVolumeInformationW
Thread32Next
EnumUILanguagesA
DeleteFiber
TlsFree
GetVDMCurrentDirectories
LoadLibraryA
_lcreat
MultiByteToWideChar
ResetWriteWatch
CreateFileA
GetDateFormatA
PrivMoveFileIdentityW
IsBadHugeWritePtr
GetPrivateProfileSectionNamesW
GetProfileStringW
GetLocaleInfoA
CompareFileTime
GetStdHandle
Process32First
IsDBCSLeadByteEx
CreateProcessInternalW
LoadLibraryExA
SetTapePosition
GetDiskFreeSpaceW
HeapQueryInformation
FlushConsoleInputBuffer
GetLastError
CreateDirectoryExA
SetEnvironmentVariableA
GetProcAddress
WriteFileGather
CreateMutexW
SetConsoleCP
HeapWalk
EscapeCommFunction
TlsGetValue
VirtualFreeEx
Module32First
GetAtomNameW
GetConsoleAliasExesLengthA
DnsHostnameToComputerNameA
Heap32Next
SignalObjectAndWait
SwitchToFiber
WriteFileEx
CreateFiberEx
VirtualUnlock
VirtualAlloc
GetOverlappedResult
msvbvm60
EbGetErrorInfo
__vbaLdZeroAry
__vbaVarZero
__vbaVarTextTstGe
GetMem2
__vbaVarTextTstEq
__vbaR4Sgn
__vbaRsetFixstrFree
rtDecFromVar
__vbaHresultCheckNonvirt
Zombie_GetTypeInfoCount
__vbaVarTextCmpGe
BASIC_CLASS_AddRef
__vbaCyErrVar
__vbaFreeObjList
__vbaVarCmpGt
rtcGetTimeVar
TipUnloadProject
__vbaOnError
__vbaPut4
__vbaLateIdStAd
EVENT_SINK_QueryInterface
rtcSendKeys
__vbaVarTextCmpNe
PutMemNewObj
__vbaPutFxStr3
GetMem1
__vbaVarTextLikeVar
__vbaStrUI1
rtcSplit
__vbaAryRebase1Var
__vbaCyMul
TipInvokeMethod
_CIlog
__vbaLbound
rtcBstrFromAnsi
__vbaR8IntI4
rtcVarFromVar
__vbaCyForNext
__vbaMidStmtVar
rtcCos
rtcGetDayOfMonth
__vbaLsetFixstrFree
rtcMIRR
__vbaStrToUnicode
__vbaCyAbs
cryptnet
DllRegisterServer
CryptRetrieveObjectByUrlA
CryptInstallCancelRetrieval
CertDllVerifyRevocation
DllUnregisterServer
CryptGetObjectUrl
CryptUninstallCancelRetrieval
CryptCancelAsyncRetrieval
CryptRetrieveObjectByUrlW
CryptGetTimeValidObject
CertDllVerifyCTLUsage
I_CryptNetGetHostNameFromUrl
I_CryptNetGetUserDsStoreUrl
CryptFlushTimeValidObject
LdapProvOpenStore
I_CryptNetEnumUrlCacheEntry
Sections
.rsrc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 707KB - Virtual size: 707KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 14.3MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE