Static task: static1
Behavioral task: behavioral1
Sample: 56c183b4f3bb8bc66e7b7823b052a7f0_JaffaCakes118.dll
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 56c183b4f3bb8bc66e7b7823b052a7f0_JaffaCakes118.dll
Resource: win10v2004-20241007-en
General
Target: 56c183b4f3bb8bc66e7b7823b052a7f0_JaffaCakes118
Size: 81KB
MD5: 56c183b4f3bb8bc66e7b7823b052a7f0
SHA1: f35be08145a5591a29d3eb04bd1e84ba256cd7fb
SHA256: ab1ab62049421e259cd5d274d61a50d4294d1f30f2a45fb6c48eaae273d1add3
SHA512: 618bb321b131b8b0b281d5dc4dfbdd60a21f159a8759346f87def4414fc856f081279ef6df020fa181df90b9732a32ca9718a93f6476f8053fd5845839c83949
SSDEEP: 1536:i84IZn+YU588Pwgm3gLEUs4bH9G6tsgXV8/6sQ47/mvVD0j2kTnqTb0:iQY88Igm3gLEUBH9RtsgF/Y/KVyTnyb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 56c183b4f3bb8bc66e7b7823b052a7f0_JaffaCakes118
Files
56c183b4f3bb8bc66e7b7823b052a7f0_JaffaCakes118.dll windows:4 windows x86 arch:x86
587c55bafa293f1a64ad4a731955b463
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
AllocateUserPhysicalPages
BackupSeek
CloseHandle
CompareStringW
CreateHardLinkW
CreateMutexW
DebugBreak
DefineDosDeviceA
EnumLanguageGroupLocalesW
EraseTape
ExitProcess
FlushViewOfFile
FoldStringA
FreeLibraryAndExitThread
GetACP
GetCommandLineA
GetEnvironmentVariableA
GetFileSizeEx
GetLocalTime
GetModuleHandleA
GetNumberFormatA
GetOEMCP
GetPrivateProfileStructW
GetStartupInfoA
GetVersionExA
GlobalFix
HeapAlloc
HeapCreate
InterlockedCompareExchange
InterlockedExchange
IsBadHugeReadPtr
IsValidLocale
LoadLibraryA
LocalSize
SetCommMask
SetEnvironmentVariableW
SetLastError
SetWaitableTimer
SuspendThread
SwitchToThread
VirtualAlloc
WinExec
lstrcmpA
user32
SetScrollInfo
WindowFromPoint
SetClassLongA
SetTimer
SetMenuItemInfoA
RegisterWindowMessageA
RegisterClassExA
PtInRect
PostMessageA
PeekMessageA
OffsetRect
MsgWaitForMultipleObjects
ModifyMenuA
LoadStringA
KillTimer
IsDialogMessageA
GetWindowThreadProcessId
GetWindowRect
GetScrollInfo
GetMenuCheckMarkDimensions
GetDlgItemTextA
GetClientRect
EndDialog
EmptyClipboard
DispatchMessageA
DefWindowProcA
CloseClipboard
CheckMenuRadioItem
CheckMenuItem
AppendMenuA
SetFocus
msi
MsiMessageBoxW
MsiSourceListClearAllW
MsiSourceListForceResolutionA
MsiSourceListForceResolutionW
MsiViewExecute
MsiLocateComponentA
MsiReinstallProductW
MsiInstallProductW
MsiInstallProductA
MsiInstallMissingComponentA
MsiGetSourcePathA
MsiProvideQualifiedComponentExA
MsiGetFileVersionA
MsiQueryFeatureStateFromDescriptorA
MsiReinstallFeatureW
MsiRecordSetStreamA
MsiRecordGetStringA
MsiQueryFeatureStateFromDescriptorW
MsiIsProductElevatedW
MsiGetFeatureValidStatesW
MsiGetFeatureStateW
MsiEnumRelatedProductsW
MsiEnumClientsA
MsiOpenDatabaseA
MsiDatabaseMergeW
MsiDatabaseIsTablePersistentW
MsiDatabaseImportW
MsiDatabaseGetPrimaryKeysA
MsiDatabaseApplyTransformA
MsiConfigureProductExW
MsiConfigureFeatureFromDescriptorW
MsiProvideComponentA
MsiOpenPackageW
MsiGetMode
MsiOpenPackageA
MsiSetInstallLevel
oleacc
AccessibleObjectFromPoint
GetStateTextA
AccessibleChildren
oledlg
OleUIAddVerbMenuA
OleUIEditLinksA
OleUIInsertObjectA
dbghelp
ImageNtHeader
UnDecorateSymbolName
SymGetModuleInfoW64
SymGetModuleInfo
SymGetModuleBase
comctl32
DrawStatusTextA
ImageList_Merge
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_Create
FlatSB_SetScrollProp
FlatSB_GetScrollRange
DrawInsert
CreateStatusWindowA
CreatePropertySheetPageW
CreateMappedBitmap
ImageList_Replace
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_Write
InitializeFlatSB
LBItemFromPt
PropertySheetA
PropertySheetW
ImageList_Remove
UninitializeFlatSB
comdlg32
PrintDlgA
ChooseColorA
ReplaceTextA
security
InitializeSecurityContextA
FreeCredentialsHandle
FreeContextBuffer
ExportSecurityContext
EnumerateSecurityPackagesW
DeleteSecurityContext
DeleteSecurityPackageA
advapi32
StartTraceW
RegUnLoadKeyW
RegEnumKeyA
RegDisablePredefinedCache
QueryUsersOnEncryptedFile
ObjectDeleteAuditAlarmA
LsaRemoveAccountRights
LsaOpenAccount
LsaLookupNames
LookupPrivilegeValueA
IsValidSid
IsValidSecurityDescriptor
GetTraceEnableLevel
GetSecurityDescriptorRMControl
EnumServicesStatusA
CryptSignHashA
CryptSetProvParam
CryptGetUserKey
CryptGetProvParam
CreateServiceW
BuildSecurityDescriptorW
AddAuditAccessAceEx
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
Sections
.text Size: 50KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ