Static task: static1
Behavioral task: behavioral1
Sample: 6d61c586bbae7490164a50597740acb9_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 6d61c586bbae7490164a50597740acb9_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 6d61c586bbae7490164a50597740acb9_JaffaCakes118
Size: 293KB
MD5: 6d61c586bbae7490164a50597740acb9
SHA1: 905c65b43d747abfcd2a13bd908d58590e8960c6
SHA256: e5c90803f9d797e505ae00ce6af6cc7eacada7ead532c512b51887580517eb6d
SHA512: b783aed02170d66b773c042351be61ac377e71b33180367bd4550cc89553c17ee8e7f0414a1cc02ea7c9eb46ac6e04eb0b0dd95c2e4767d31ebf9053e9b006d5
SSDEEP: 6144:hpbCq6odr0vzKlX3Fe0y1kVuauo5iA16SMsPivtyYVkgJtT9O4dKIdL0:7VQK7e0wkVuaLiAESJstyYVxZO4gAA
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6d61c586bbae7490164a50597740acb9_JaffaCakes118
Files
6d61c586bbae7490164a50597740acb9_JaffaCakes118.exe windows:4 windows x86 arch:x86
3f981b0fce3218820038e50ad114cbf6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetAtomNameW
RtlUnwind
IsValidCodePage
GetDateFormatA
VirtualAlloc
MultiByteToWideChar
GetTimeFormatA
TlsGetValue
WriteConsoleA
HeapSize
EnumResourceNamesA
SetStdHandle
HeapReAlloc
GetOEMCP
FindResourceA
SetFilePointer
GetACP
GetCPInfo
GetConsoleOutputCP
GetLocaleInfoA
TlsAlloc
TlsSetValue
RaiseException
shell32
SHGetDataFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
SHBrowseForFolderW
SHGetDesktopFolder
DragAcceptFiles
SHGetPathFromIDListW
Shell_NotifyIconW
occache
FindControlClose
Sections
.text Size: 138KB - Virtual size: 266KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ