Static task
static1
Behavioral task
behavioral1
Sample
765082f5bc99e0f6e7391121df1d3425_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
765082f5bc99e0f6e7391121df1d3425_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: 765082f5bc99e0f6e7391121df1d3425_JaffaCakes118
Size: 432KB
MD5: 765082f5bc99e0f6e7391121df1d3425
SHA1: 33c6f8049a3e79c2acfdc48ec0209847d853ba51
SHA256: e10a5017e1eb564316091b3eb436852a9f9b562aac3203fe2fc68ecba1d476eb
SHA512: abba23372e0617049ba7350413bc68f6fdbc3bb4923c4bd856700ee21172bb88dd9ee67276b7daf1c64b0b705630bc8abcfb6621594874223ef2c3fb7a778b75
SSDEEP: 12288:UP4i/NbfK//OK/OIXVxdE2WEmg43LJsPRJRyC7:UP4QKqIFHE2bKLWRyC7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 765082f5bc99e0f6e7391121df1d3425_JaffaCakes118
Files
765082f5bc99e0f6e7391121df1d3425_JaffaCakes118.exe windows:4 windows x86 arch:x86
dfd784ddd4d7ad567c57e950397fbd0e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_daylight
wcsncpy
bsearch
_cwait
_assert
_j1
_errno
_wenviron
__p__timezone
_CIfmod
_itow
_CIpow
_wfsopen
_chdir
rename
ldexp
isalnum
_mbsset
_wexecvp
_atoldbl
wcstod
__initenv
_spawnl
strtol
_wputenv
_isatty
_wgetdcwd
__argc
__p__winmajor
iswlower
kernel32
WriteConsoleOutputCharacterW
ReadConsoleInputW
GetLastError
lstrcmpA
lstrcmpiA
GetMailslotInfo
EnumDateFormatsExA
GetModuleHandleA
GlobalReAlloc
GetCommandLineW
HeapAlloc
GetThreadContext
FormatMessageA
LocalLock
ScrollConsoleScreenBufferW
ExitProcess
lstrcmpiW
GetStartupInfoW
FindClose
TlsFree
lstrcmpW
GetProcessHeap
SetCommMask
GetModuleHandleW
_lread
SetErrorMode
GetPrivateProfileSectionNamesA
MultiByteToWideChar
GetLocalTime
EnumResourceLanguagesW
InterlockedIncrement
VirtualAllocEx
lstrlenA
GetConsoleMode
VirtualFree
GetStdHandle
advapi32
GetLengthSid
InitializeAcl
CryptSetProvParam
TrusteeAccessToObjectA
FindFirstFreeAce
RegLoadKeyW
RegQueryInfoKeyW
GetNamedSecurityInfoA
OpenThreadToken
RevertToSelf
gdi32
StartPage
SetColorSpace
GetGlyphOutline
GetCurrentPositionEx
StartDocA
CancelDC
GetTextCharset
GetObjectA
CreateScalableFontResourceA
GetMiterLimit
SetMiterLimit
SetLayout
CreateCompatibleDC
SetAbortProc
GetEnhMetaFileBits
GetTextMetricsA
CreateDiscardableBitmap
SetBoundsRect
SetViewportExtEx
MoveToEx
GetROP2
SetLayout
StretchBlt
GetObjectType
user32
GetOpenClipboardWindow
SetParent
SetActiveWindow
SetInternalWindowPos
FlashWindowEx
IsWindowEnabled
GetComboBoxInfo
CopyAcceleratorTableA
DeferWindowPos
DlgDirSelectExA
NotifyWinEvent
OpenClipboard
DefWindowProcW
CheckMenuRadioItem
DdeReconnect
SetTimer
TranslateMessage
CloseWindow
InternalGetWindowText
SetMenuItemInfoW
DrawIcon
SendMessageA
SetProcessWindowStation
ReleaseDC
GetWindowTextW
SetClipboardData
TabbedTextOutA
LockWindowUpdate
IsDlgButtonChecked
ToAsciiEx
CloseWindowStation
Sections
.text Size: 287KB - Virtual size: 288KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.syxry Size: 49KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.jro Size: 47KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.fzq Size: 47KB - Virtual size: 1011KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ