Behavioral task
behavioral1
Sample
f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118
Size: 261KB
MD5: f8ed30e4a37ce22826a8698eeaaac42a
SHA1: dd6b782578e3747e0bbfca5513e2ee76c01cab4b
SHA256: 0c35798e10c5d1fd5e9ce2489a413a58c72ece346a1b32c4784b2853eaeff70c
SHA512: 41033b32f49012564f666c09c52d4218b5db0e80b1f2fd7239d585915da75a85a109d450ce43d7b9db1ab146d0e1c987a35c9dde744f726df27d200341df2ad6
SSDEEP: 6144:IayqTuLw5F88SgCpsS1EbAD7im4vpDVL7RQQZQf6KAe8ihh:yCua88SEjbEwvpZBZQfZhh
Malware Config
Signatures
resource yara_rule sample upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118
Files
f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118.exe windows:4 windows x86 arch:x86
daaa849a0f5684c1f3f8f8d49dbe9af0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
GetCurrentDirectoryA
CreateMutexA
LocalFree
GetVersionExA
GetLastError
LoadLibraryA
WaitForSingleObject
ExitProcess
RaiseException
QueryPerformanceCounter
GetTickCount
HeapCreate
IsBadWritePtr
TlsAlloc
SetUnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
GetCurrentProcess
GetStartupInfoA
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetSystemInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateDirectoryA
GetProcAddress
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeAcl
InitializeSid
GetSidSubAuthority
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
shell32
SHGetFolderPathA
msasn1
ASN1BEREncCheck
ASN1BERDecGeneralizedTime
ASN1_GetEncoderOption
ASN1BEREncLength
ASN1BERDecBool
ASN1BERDecSXVal
ASN1BEREncChar16String
ASN1BERDecCharString
ASN1BEREncChar32String
ASN1char32string_free
ASN1BEREncCharString
ASN1CEREncUTCTime
ASN1BERDecNull
ASN1_SetDecoderOption
ASN1bitstring_cmp
ASN1char32string_cmp
ASN1_CreateEncoder
ASN1BERDecLength
ASN1BEREncOpenType
ASN1BEREncSX
msident
DllGetClassObject
Sections
UPX1 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 86KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gxVhJ Size: 4KB - Virtual size: 943KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 131KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ