Static task: static1
Behavioral task: behavioral1
Sample: 8e8977f6abe1b3deeeab6b12257dfe31_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 8e8977f6abe1b3deeeab6b12257dfe31_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 8e8977f6abe1b3deeeab6b12257dfe31_JaffaCakes118
Size: 360KB
MD5: 8e8977f6abe1b3deeeab6b12257dfe31
SHA1: e04e14cc65f462f09048b1b0883fea4f43dac393
SHA256: 72d5effc412c6eeca4b073c06fc5c1d37e8e279f419d0ac11801a45ab4984788
SHA512: ab605569bdc08b2c50aad495e878a463e4372f66491efb130cde9391e4b442e7ab5419186c5ee9c9b2b682e33be84f18db0343fcf3f5b84207ec3686f9d4baa0
SSDEEP: 6144:3jT/842Wf1mUhmKDWM3LHLf+pNwcBlvaEHXLruGe3lvuJwSrZsSbkxsxx44GjhL:v/8CdmUTWETD+BaE3Lr+lvWrZsSbkW1M
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8e8977f6abe1b3deeeab6b12257dfe31_JaffaCakes118
Files
8e8977f6abe1b3deeeab6b12257dfe31_JaffaCakes118.exe windows:5 windows x86 arch:x86
a264eaba87781550d69bb66cae5d3997
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
GetFullPathNameW
LoadLibraryA
DeleteFileW
HeapReAlloc
TerminateThread
EnumResourceLanguagesA
BeginUpdateResourceW
Heap32First
lstrlen
GetVolumePathNameA
Module32FirstW
CancelWaitableTimer
InterlockedFlushSList
FindAtomW
LockFile
OpenFileMappingA
LocalSize
Module32NextW
Module32First
OutputDebugStringA
VirtualAlloc
SetConsoleWindowInfo
GetFileAttributesExA
GetModuleHandleW
DeleteAtom
AddLocalAlternateComputerNameW
GetSystemWow64DirectoryA
msvcirt
?floatfield@ios@@2JB
??_Estrstreambuf@@UAEPAXI@Z
??5istream@@QAEAAV0@AAM@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
??4iostream@@IAEAAV0@AAV0@@Z
?doallocate@streambuf@@MAEHXZ
?sync@strstreambuf@@UAEHXZ
??0ostrstream@@QAE@XZ
??0streambuf@@IAE@XZ
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??_Estrstream@@UAEPAXI@Z
?flags@ios@@QAEJJ@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
?setp@streambuf@@IAEXPAD0@Z
??0fstream@@QAE@XZ
?ws@@YAAAVistream@@AAV1@@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
?open@fstream@@QAEXPBDHH@Z
??1logic_error@@UAE@XZ
??_8iostream@@7Bostream@@@
??_Dostrstream@@QAEXXZ
user32
CharUpperBuffW
SetSysColorsTemp
CreateSystemThreads
UnionRect
IsWinEventHookInstalled
ClientThreadSetup
OpenClipboard
GetSysColorBrush
GetUpdateRgn
AppendMenuW
BroadcastSystemMessage
SetCapture
ShowOwnedPopups
GetTabbedTextExtentW
RecordShutdownReason
GetFocus
GetClipboardData
GetComboBoxInfo
GetWindowPlacement
DdeQueryNextServer
MessageBoxExA
GetMenuStringA
secur32
DeleteSecurityPackageW
SaslGetProfilePackageA
GetUserNameExA
SecpTranslateName
TranslateNameW
QuerySecurityPackageInfoW
EnumerateSecurityPackagesA
FreeCredentialsHandle
SetContextAttributesA
QueryContextAttributesW
LsaGetLogonSessionData
CredUnmarshalTargetInfo
EnumerateSecurityPackagesW
MakeSignature
AcquireCredentialsHandleA
QueryCredentialsAttributesA
GetSecurityUserInfo
ExportSecurityContext
CompleteAuthToken
Sections
.text Size: 278KB - Virtual size: 277KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 439KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ