Static task: static1
Behavioral task: behavioral1
Sample: 83d2eb846cdcc284e4a1bafccb90ef30_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 83d2eb846cdcc284e4a1bafccb90ef30_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 83d2eb846cdcc284e4a1bafccb90ef30_JaffaCakes118
Size: 9KB
MD5: 83d2eb846cdcc284e4a1bafccb90ef30
SHA1: 43bc1e92b1eb7161a5e5e83e732b79ac5f48d44d
SHA256: aa96e7353990810df1176c8896e0e1994281e6e3cb0d39b559780ee504e9d32c
SHA512: cfb618c7554dff76ca25cf3ad3d30d5910cb9a43df679bcf0f91e03b3324fb2c1c3f4c5736986d900f77e5a845184c7fc61475704a0e32d91789fecb8ba89c54
SSDEEP: 96:UY1lhTqVjpj2Nu+1Ph9mnNlgTs2WhIHVxCaQtmDvii/1ANlXHX:x1nON2Nu+1DmncWhI1x6tmXyDH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 83d2eb846cdcc284e4a1bafccb90ef30_JaffaCakes118
Files
83d2eb846cdcc284e4a1bafccb90ef30_JaffaCakes118.exe windows:5 windows x86 arch:x86
2d581c0d913cc4bcf1dff8231058ce58
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
EndDialog
DialogBoxParamA
SendDlgItemMessageA
SendMessageA
ShowWindow
SetParent
MessageBoxA
LoadStringA
kernel32
GetTickCount
GetDriveTypeA
CreateFileA
FindClose
DeleteFileA
HeapFree
GetCurrentDirectoryA
Sleep
QueryDosDeviceA
DeviceIoControl
SetLastError
CreateProcessA
GetDiskFreeSpaceA
GetCurrentProcessId
GetSystemTimeAsFileTime
ClearCommBreak
GetProcessHeap
FreeLibrary
GetProcAddress
BackupWrite
FindFirstFileA
HeapAlloc
CreateThread
CopyFileA
GetSystemTime
SetHandleInformation
CloseHandle
SetFileAttributesA
SetEndOfFile
OpenEventA
SetFileTime
QueryPerformanceCounter
EnterCriticalSection
GetExitCodeProcess
GetCurrentThreadId
lstrcpynA
LeaveCriticalSection
ExitProcess
DeleteCriticalSection
GetFileAttributesA
SetUnhandledExceptionFilter
GetCommandLineA
MoveFileA
DosDateTimeToFileTime
GetSystemDirectoryA
WideCharToMultiByte
RemoveDirectoryA
SetErrorMode
GetVersionExA
SetFilePointer
SetThreadAffinityMask
ExpandEnvironmentStringsA
MoveFileExA
LocalFileTimeToFileTime
FindNextFileA
WriteFile
SetVolumeLabelA
ReadFile
SystemTimeToFileTime
SetEvent
ntdll
NtAdjustPrivilegesToken
NtOpenProcessToken
NtClose
NtShutdownSystem
advapi32
GetLengthSid
InitiateSystemShutdownA
OpenProcessToken
AllocateAndInitializeSid
InitializeAcl
CryptAcquireContextA
SetSecurityDescriptorDacl
CryptGenRandom
GetTokenInformation
InitializeSecurityDescriptor
AddAccessAllowedAce
CryptReleaseContext
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.octq Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 139KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ