Static task
static1
Behavioral task
behavioral1
Sample
07b35bc0d76eebc56cd228b1212d08f693cbefcad6878970b626b0ac1809a55b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
07b35bc0d76eebc56cd228b1212d08f693cbefcad6878970b626b0ac1809a55b.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_4d99dbdd282865eaf0dc3fd76d9eb031a3e1565d6e8e3101da0009262aa16872
-
Size
154KB
-
MD5
0920cdd96845a859bc318abae66e3ddc
-
SHA1
f0fb0c6597058840b9e3f468356b49515a495d2c
-
SHA256
4d99dbdd282865eaf0dc3fd76d9eb031a3e1565d6e8e3101da0009262aa16872
-
SHA512
85ef1c2365e314bed1df60860fd13ecad3871d92fd4b134f2399eb53e304eb8d077d2ade15929577e5435ff29fb06b26def3914d96ae81f3a372376191f8dda6
-
SSDEEP
3072:OZsmJ/TGGgyay4fXt9gqsRYPiirtSmNt8smOQxMxMHbU/1XKZyo:OZHH4f9pv94mNGsmCyHqFKZyo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/$PLUGINSDIR/System.dll -
NSIS installer 2 IoCs
resource yara_rule static1/unpack001/07b35bc0d76eebc56cd228b1212d08f693cbefcad6878970b626b0ac1809a55b nsis_installer_1 static1/unpack001/07b35bc0d76eebc56cd228b1212d08f693cbefcad6878970b626b0ac1809a55b nsis_installer_2
Files
-
JaffaCakes118_4d99dbdd282865eaf0dc3fd76d9eb031a3e1565d6e8e3101da0009262aa16872.zip
Password: infected
-
07b35bc0d76eebc56cd228b1212d08f693cbefcad6878970b626b0ac1809a55b.exe windows:4 windows x86 arch:x86
5f0c714c36e6cc016b3a1f4bc86559e4
Code Sign
01:7e:07:2d:5d:86:be:10Certificate
IssuerCN=Nonmechanicalness Hated\ ,OU=Counterpotent Myeloic\ ,O=Fremkomster,L=Jefferson City,ST=Missouri,C=US,1.2.840.113549.1.9.1=#0c184b696e646c696c79404f757473746179656438322e4b6e6fNot Before05-01-2022 06:16Not After04-01-2025 06:16SubjectCN=Nonmechanicalness Hated\ ,OU=Counterpotent Myeloic\ ,O=Fremkomster,L=Jefferson City,ST=Missouri,C=US,1.2.840.113549.1.9.1=#0c184b696e646c696c79404f757473746179656438322e4b6e6f01Certificate
IssuerCN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DENot Before01-10-2008 10:40Not After01-10-2033 23:59SubjectCN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
e3:0b:d5:f8:af:25:d9:81Certificate
IssuerCN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DENot Before22-02-2016 13:38Not After22-02-2031 23:59SubjectCN=DFN-Verein Certification Authority 2,OU=DFN-PKI,O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.,C=DEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
1b:63:ba:d0:1e:2c:3dCertificate
IssuerCN=DFN-Verein Certification Authority 2,OU=DFN-PKI,O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.,C=DENot Before24-05-2016 11:38Not After22-02-2031 23:59SubjectCN=DFN-Verein Global Issuing CA,OU=DFN-PKI,O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.,C=DEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
26:0a:30:98:6c:61:e1:62:c2:28:ed:25Certificate
IssuerCN=DFN-Verein Global Issuing CA,OU=DFN-PKI,O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.,C=DENot Before21-01-2022 13:20Not After20-01-2025 13:20SubjectCN=PN: Zeitstempel 2022,OU=Geschaeftsstelle,O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.,L=Berlin,ST=Berlin,C=DE,2.5.4.65=#13105a6569747374656d70656c2032303232Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7b:16:c6:eb:79:b4:b2:69:4d:49:e4:99:ee:ad:8a:ae:18:d3:b8:03:9e:13:ad:42:4c:d6:2c:81:be:44:5e:ebSigner
Actual PE Digest7b:16:c6:eb:79:b4:b2:69:4d:49:e4:99:ee:ad:8a:ae:18:d3:b8:03:9e:13:ad:42:4c:d6:2c:81:be:44:5e:ebDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA
shell32
SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ole32
IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongA
GetWindowLongA
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
ReadFile
GetTempFileNameA
WriteFile
RemoveDirectoryA
CreateProcessA
CreateFileA
GetLastError
CreateThread
CreateDirectoryA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersionExA
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 76KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 162KB - Virtual size: 161KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
8c8a576201f68de1a3f26fc723b9f30f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 654B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
License.txt
-
Praeg/battery-level-30-charging-symbolic.svg.xml
-
Praeg/ps.txt
-
Terrnet.Tek123