Static task: static1
Behavioral task: behavioral1
Sample: 7642641936be02921252b837f10b27b0_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 7642641936be02921252b837f10b27b0_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 7642641936be02921252b837f10b27b0_JaffaCakes118
Size: 191KB
MD5: 7642641936be02921252b837f10b27b0
SHA1: 9899e974a2f033a577b49d82a1d4479af6f95e69
SHA256: 732d0d953bf5afc402a06751ddf0ac1895712d721a41b38ff04e801d53ab006b
SHA512: fa503c74cf1321e3f0ccd8c366b250211bcfd6047519f637bde2e82d212061e4b7523ad761053e35b500bfb53cd5d2827b742a30fa46e0b5779571c69a46ae9e
SSDEEP: 3072:1nqCC+6DPrf80KTw19bGBWQRdkPFcinV99ViNBT1q2cl1/Z9k6gHDzGSOv6HNWmK:Rqz+6DDf80/19aBWQ3API52l1/P0ZrlK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7642641936be02921252b837f10b27b0_JaffaCakes118
Files
7642641936be02921252b837f10b27b0_JaffaCakes118.exe windows:4 windows x86 arch:x86
11da7048fa567a04ad45494bf1429c98
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
SetTapeParameters
Sleep
ClearCommError
GetWindowsDirectoryA
GetVersion
GetCurrentProcessId
EnumResourceNamesA
InterlockedExchange
ExitProcess
FindClose
GetLocalTime
FindFirstFileA
shell32
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
winmm
mciSendCommandA
sndPlaySoundA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
oleacc
LresultFromObject
CreateStdAccessibleObject
gdi32
GetStockObject
CreateRectRgn
BitBlt
TextOutA
RestoreDC
DeleteDC
GetTextExtentPoint32A
CreateFontIndirectA
EnumFontFamiliesExA
SaveDC
DeleteMetaFile
Rectangle
CreateCompatibleDC
CreateSolidBrush
SelectObject
GetDeviceCaps
DeleteObject
SetBkMode
GetObjectA
SetTextColor
CreateCompatibleBitmap
user32
IsWindow
GetWindowLongA
SetWindowPos
SetCursor
SetWindowLongA
GetDC
LoadCursorA
ReleaseDC
GetDlgItem
ReleaseCapture
FillRect
MoveWindow
GetSysColor
GetWindowInfo
SetCapture
ole32
ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID
advapi32
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
Sections
.text Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.lib Size: 512B - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ