Behavioral task: behavioral1
Sample: b44d2b620d708fb6918c0eec537330de_JaffaCakes118.exe
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: b44d2b620d708fb6918c0eec537330de_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: b44d2b620d708fb6918c0eec537330de_JaffaCakes118
Size: 72KB
MD5: b44d2b620d708fb6918c0eec537330de
SHA1: 7d209eddc0eb20496fae749929e9082832bdcb7b
SHA256: df61a42a90a6a29f7164f6ac1e24ca123c0bc5fa683691b57412056c5bc7e0b4
SHA512: d34f359e0fcd0c1ced9fb68fa4956fddd41fe6126bfbe63bfa4d8eb6aec87cb5fbc991a84480184173e5eaab8908a33832deb3a0368265546092a4d15641aeec
SSDEEP: 768:RqB6Z5ww5AXTQ7Mkc2n601nKFCaIqkUaxhxD8+dAb64KqeoqzpKxR6ThHRXv:RVZkTQQkln6ejrib4hlzpGYTv
Malware Config
Extracted: metasploit
Encoder: encoder/fnstenv_mov
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource b44d2b620d708fb6918c0eec537330de_JaffaCakes118
Files
-
b44d2b620d708fb6918c0eec537330de_JaffaCakes118.exe windows:4 windows x86 arch:x86
ccaaca9a796476c1285e10712eefa9d0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
HeapAlloc
GetProcessHeap
lstrcatA
GetSystemDirectoryA
DeleteFileA
GetLastError
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcess
TerminateProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
SetEvent
ResetEvent
GetModuleFileNameA
CreateThread
CreateEventA
OutputDebugStringW
lstrcpyW
OpenEventA
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrcpynA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
ResumeThread
SetThreadContext
VirtualProtectEx
VirtualAlloc
TransactNamedPipe
UpdateResourceA
SizeofResource
LockResource
LoadResource
FindResourceA
EndUpdateResourceA
EnumResourceNamesA
BeginUpdateResourceA
GetTempPathA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetStartupInfoA
ExitProcess
GetStdHandle
lstrcmpA
lstrcpyA
SetFilePointer
WriteFile
HeapFree
LoadLibraryA
FreeLibrary
CreateFileA
GetFileSize
CloseHandle
lstrlenA
GetModuleHandleA
GetProcAddress
WaitForSingleObject
GetSystemTime
SetSystemTime
Sleep
LeaveCriticalSection
OutputDebugStringA
mpr
WNetAddConnection2A
WNetCancelConnection2A
netapi32
NetShareEnum
NetServerGetInfo
NetApiBufferFree
ws2_32
__WSAFDIsSet
recv
select
htons
inet_addr
WSAStartup
WSACleanup
gethostname
gethostbyname
inet_ntoa
socket
accept
listen
send
closesocket
WSAGetLastError
bind
iphlpapi
SendARP
rpcrt4
UuidFromStringA
UuidToStringA
user32
FindWindowA
ShowWindow
wsprintfA
IsCharAlphaNumericA
SendMessageA
wvsprintfA
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegRestoreKeyA
RegOpenKeyA
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE