Static task
static1
Behavioral task
behavioral1
Sample
f555f479aa05e03b2523646b8eaf0561_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
f555f479aa05e03b2523646b8eaf0561_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
f555f479aa05e03b2523646b8eaf0561_JaffaCakes118
Size
129KB
MD5
f555f479aa05e03b2523646b8eaf0561
SHA1
e1b884921397aa54edca4e81ba023d7ec8146062
SHA256
377984881bb1a77dda5b6b18a50429d7e1e95fc3b569d0a70e05cd9d46b8c863
SHA512
99563ebdfe7ad0e8af93d26b26e3afa19a4155b6b021d79657fa4b1059f50b9a540ceff60c26d12e0350d89ac1085818e2fce5eae550cf45355da36b7e48af24
SSDEEP
3072:ezmXRjySla8g9oxo3VUtAfkcEbbT4SQL/nx:DXRRlQ9oxo32t3cEbbTxQL/n
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f555f479aa05e03b2523646b8eaf0561_JaffaCakes118
Files
f555f479aa05e03b2523646b8eaf0561_JaffaCakes118.exe windows:4 windows x86 arch:x86
2d22a8a176a36cd7a4300821dece90b0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
VirtualAlloc
lstrcpynA
TlsAlloc
SetCurrentDirectoryA
TlsGetValue
lstrcpynA
GetLocaleInfoW
GetNumberFormatA
FormatMessageA
lstrlenA
GetPrivateProfileIntA
GetStartupInfoW
GetCurrentProcess
GetModuleFileNameW
DeleteFileW
lstrcpynA
FindNextVolumeW
TlsAlloc
lstrcpynA
CreateEventA
GetFullPathNameA
lstrcpynA
vssapi
VssFreeSnapshotProperties
IsVolumeSnapshotted
??1CVssWriter@@UAE@XZ
??0CVssWriter@@QAE@XZ
Sections
.text Size: 11KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 20KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE