Static task: static1
Behavioral task: behavioral1
Sample: 84e02b7e01c3cf953b300905a9865d81_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 84e02b7e01c3cf953b300905a9865d81_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 84e02b7e01c3cf953b300905a9865d81_JaffaCakes118
Size: 1.9MB
MD5: 84e02b7e01c3cf953b300905a9865d81
SHA1: 745c8957ada912a0272bbc3985ffa4b0eac3dc16
SHA256: 156ea726a0ad6c8d77a5bdd4c7ed8581ea72bc77e3b3e011307e7fb706237c51
SHA512: 4d2981693e05cfd559d53c2a97f7a68f8b03149cf9473c087f810ba8e73dffed5600f2b85964891f4ac303a0bbb986056900caf75de0ffa2f82c3a21fa2c1ad2
SSDEEP: 49152:hOBcPtDsZ5CqzSD8ybRS3sYDoijJJADMnfknANKkgX25zPf2C397zS:hONZ5F
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 84e02b7e01c3cf953b300905a9865d81_JaffaCakes118
Files
84e02b7e01c3cf953b300905a9865d81_JaffaCakes118.exe windows:4 windows x86 arch:x86
ae56d16ff8a4e6a3a23c755f2c0d0515
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetPrivateProfileStringA
GetFileType
GetSystemDirectoryA
GetLastError
GetVersion
CreateFileA
GetFileSize
WaitForSingleObject
SizeofResource
CloseHandle
SetFileAttributesA
GetVersionExA
GetStartupInfoA
GetExitCodeProcess
InterlockedExchange
GetModuleHandleA
UnhandledExceptionFilter
lstrcpynA
UnmapViewOfFile
lstrcatA
GetCommandLineA
InterlockedCompareExchange
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateDirectoryA
SetFilePointer
GetACP
GetShortPathNameA
SetEndOfFile
SetUnhandledExceptionFilter
lstrcpyA
RemoveDirectoryA
GetProcAddress
lstrlenA
GlobalAlloc
CreateProcessA
QueryPerformanceCounter
VirtualProtect
TerminateProcess
DeleteFileA
LoadLibraryA
CreateFileMappingA
GetProcessHeap
GlobalFree
GetCommandLineW
GetCurrentThreadId
Sleep
MoveFileExA
FindFirstFileA
FreeLibrary
FindNextFileA
GetTickCount
GetWindowsDirectoryA
FindClose
MapViewOfFile
msvcrt
_ismbblead
_acmdln
_exit
?terminate@@YAXXZ
__getmainargs
__setusermatherr
_access
_mbschr
_mbscmp
memcpy
_mbsinc
__p__fmode
_cexit
_mbsstr
strtok
exit
strstr
_adjust_fdiv
_XcptFilter
memmove
strchr
_initterm
__p__commode
__set_app_type
_controlfp
_amsg_exit
malloc
_mbsicmp
memset
_mbsupr
_getcwd
advapi32
ControlService
EqualSid
RegEnumKeyExA
RegOpenKeyExA
OpenServiceA
RegSetValueExA
RegQueryValueExA
LookupPrivilegeValueA
OpenSCManagerA
AllocateAndInitializeSid
RegDeleteKeyA
RegDeleteValueA
GetTokenInformation
RegCloseKey
AdjustTokenPrivileges
FreeSid
OpenProcessToken
DeleteService
CloseServiceHandle
user32
SendMessageA
ExitWindowsEx
FindWindowA
MessageBoxA
LoadIconA
LoadStringA
wsprintfA
setupapi
SetupDiDeleteDeviceInfo
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
ntdll
RtlUnwind
Sections
.text Size: 563KB - Virtual size: 563KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ