Static task: static1
Behavioral task: behavioral1 (Sample: lb777.exe, Resource: win7-20241010-en)
Behavioral task: behavioral2 (Sample: lb777.exe, Resource: win10v2004-20241007-en)
General
Target: JaffaCakes118_04d36a03d0672b6bd208e1494ab2f8ffebf60c2cc10005a8da199dad9e89fc53
Size: 156KB
MD5: c5c962823a76a2b95b7b86fe7a4699bc
SHA1: 34c8cf4d7a6bf9509d0b5bc2eb321aba6cecb7b0
SHA256: 04d36a03d0672b6bd208e1494ab2f8ffebf60c2cc10005a8da199dad9e89fc53
SHA512: e4c294e0888559b44ce021a348033637cd90943cd23f94b3d341ac35d998a4e9a4c4f8fe6942556e122a102d37b69d632853d1001d38aec28301df8873e2501e
SSDEEP: 3072:2U1jjNFTB7p8prBm3Gy4XSnUKdAj9m7iaWPCpcImyyg:2o3Nb7p8pr82y4XSncjWjKyX
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature (no certificate table in the security data directory).
  resource unpack001/lb777.bin
Files
JaffaCakes118_04d36a03d0672b6bd208e1494ab2f8ffebf60c2cc10005a8da199dad9e89fc53.zip (password: infected)
lb777.bin.exe windows:5 windows x86 arch:x86
2465707e827cc6922177fd5db0a18593
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are not set, so the image does not opt into ASLR or DEP; whether DEP is applied then depends on system policy. With IMAGE_FILE_RELOCS_STRIPPED below it could not be rebased anyway and always loads at its preferred image base.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
WriteTapemark
ReadConsoleA
WaitNamedPipeA
ZombifyActCtx
GetEnvironmentStringsW
SetTapeParameters
GetModuleHandleW
GetTickCount
GetConsoleTitleA
WriteFile
GlobalAlloc
ReadConsoleInputA
FreeConsole
GetSystemWindowsDirectoryA
SetConsoleCP
GetFileAttributesW
LocalReAlloc
GetAtomNameW
GetDevicePowerState
ReleaseActCtx
GetCPInfoExW
GetProcAddress
CreateConsoleScreenBuffer
BeginUpdateResourceW
HeapUnlock
InterlockedExchangeAdd
BuildCommDCBAndTimeoutsW
SetConsoleWindowInfo
FoldStringW
GetModuleFileNameA
CreateMutexA
DeleteCriticalSection
GetWindowsDirectoryW
QueryDepthSList
lstrcpyW
CommConfigDialogW
CreateFileW
WriteConsoleW
lstrcpynA
SetDefaultCommConfigA
HeapReAlloc
VerifyVersionInfoA
PulseEvent
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
GetLastError
HeapFree
RtlUnwind
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetFilePointer
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
MultiByteToWideChar
LoadLibraryW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
CloseHandle
user32
GetAncestor
advapi32
BackupEventLogW
NotifyChangeEventLog
RegQueryValueExA
CloseEventLog
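Two things stand out in the import list above: a contiguous block of MSVC CRT start-up imports (EncodePointer through IsValidCodePage, including IsDebuggerPresent and the GetTickCount/QueryPerformanceCounter pair the CRT uses to seed its stack cookie, none of which is an anti-analysis indicator on its own), and scattered APIs a console program has no obvious use for (tape marks, serial-port configuration dialogs, activation contexts, event-log backup). The script below is an added example, not code from the report or the sandbox: it computes the import hash the way pefile does over the listed names and shows how much the unusual imports shift it. The import order is taken from the report's display order, which is assumed to equal the on-disk import table order; the CRT_STARTUP and PADDING_CANDIDATES sets are the example's own classification and are assumptions, not report findings.

```python
"""Import hash (imphash) and import triage over the report's import list.
Added worked example, not code from the report or the sandbox. Function
names are copied from the report per DLL in the order the report shows
them; that this matches the on-disk import table order is an assumption.
CRT_STARTUP and PADDING_CANDIDATES are the example's own classification."""
import hashlib

KERNEL32 = """HeapAlloc WriteTapemark ReadConsoleA WaitNamedPipeA ZombifyActCtx
GetEnvironmentStringsW SetTapeParameters GetModuleHandleW GetTickCount GetConsoleTitleA
WriteFile GlobalAlloc ReadConsoleInputA FreeConsole GetSystemWindowsDirectoryA SetConsoleCP
GetFileAttributesW LocalReAlloc GetAtomNameW GetDevicePowerState ReleaseActCtx GetCPInfoExW
GetProcAddress CreateConsoleScreenBuffer BeginUpdateResourceW HeapUnlock InterlockedExchangeAdd
BuildCommDCBAndTimeoutsW SetConsoleWindowInfo FoldStringW GetModuleFileNameA CreateMutexA
DeleteCriticalSection GetWindowsDirectoryW QueryDepthSList lstrcpyW CommConfigDialogW
CreateFileW WriteConsoleW lstrcpynA SetDefaultCommConfigA HeapReAlloc VerifyVersionInfoA
PulseEvent InterlockedIncrement InterlockedDecrement Sleep InitializeCriticalSection
EnterCriticalSection LeaveCriticalSection EncodePointer DecodePointer GetCommandLineA
HeapSetInformation GetStartupInfoW RaiseException GetLastError HeapFree RtlUnwind ExitProcess
UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent TerminateProcess
GetCurrentProcess IsProcessorFeaturePresent SetFilePointer GetStdHandle GetModuleFileNameW
FreeEnvironmentStringsW WideCharToMultiByte SetHandleCount InitializeCriticalSectionAndSpinCount
GetFileType TlsAlloc TlsGetValue TlsSetValue TlsFree SetLastError GetCurrentThreadId HeapCreate
QueryPerformanceCounter GetCurrentProcessId GetSystemTimeAsFileTime HeapSize GetCPInfo GetACP
GetOEMCP IsValidCodePage GetStringTypeW MultiByteToWideChar LoadLibraryW SetStdHandle
GetConsoleCP GetConsoleMode FlushFileBuffers LCMapStringW CloseHandle""".split()

REPORTED_IMPORTS = [
    ("kernel32.dll", KERNEL32),
    ("user32.dll", ["GetAncestor"]),
    ("advapi32.dll", ["BackupEventLogW", "NotifyChangeEventLog", "RegQueryValueExA", "CloseEventLog"]),
]

# Pulled in by the MSVC CRT start-up code (security cookie seeding, TLS for
# per-thread data, locale set-up, invalid-parameter and unhandled-exception
# handlers), so their presence alone is not an anti-debug or timing indicator.
CRT_STARTUP = {"EncodePointer", "DecodePointer", "HeapSetInformation", "GetStartupInfoW",
               "IsDebuggerPresent", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter",
               "GetTickCount", "QueryPerformanceCounter", "GetSystemTimeAsFileTime",
               "GetCurrentProcessId", "GetCurrentThreadId", "IsProcessorFeaturePresent",
               "TerminateProcess", "RtlUnwind", "RaiseException", "TlsAlloc", "TlsGetValue",
               "TlsSetValue", "TlsFree", "LCMapStringW", "GetStringTypeW", "SetHandleCount",
               "GetFileType", "GetACP", "GetOEMCP", "GetCPInfo", "IsValidCodePage"}

# APIs a console program with this CRT footprint has no obvious use for (tape
# drives, serial-port config dialogs, activation contexts, event-log backup).
# Assumed padding; listed here to show the effect on the import hash.
PADDING_CANDIDATES = {"WriteTapemark", "SetTapeParameters", "ZombifyActCtx", "ReleaseActCtx",
                      "CommConfigDialogW", "SetDefaultCommConfigA", "BuildCommDCBAndTimeoutsW",
                      "GetDevicePowerState", "BackupEventLogW", "NotifyChangeEventLog",
                      "CloseEventLog", "GetAtomNameW", "PulseEvent", "QueryDepthSList"}


def imphash(imports) -> str:
    """MD5 over 'dll.func' entries (lowercase, DLL extension stripped, import
    table order, comma-joined), as pefile computes it; ordinals hash as ordN."""
    parts = []
    for dll, funcs in imports:
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[:-len(ext)]
                break
        for f in funcs:
            parts.append(f"{base}.{f.lower()}" if isinstance(f, str) else f"{base}.ord{f}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def drop_functions(imports, names):
    """Same table with the named functions removed: what a build that does not
    pad its import table would have produced."""
    return [(dll, [f for f in funcs if f not in names]) for dll, funcs in imports]


def triage(imports) -> dict:
    """Split the import names into CRT noise, suspected padding, and the rest
    that an analyst should actually read."""
    names = [f for _, funcs in imports for f in funcs]
    return {"crt": [f for f in names if f in CRT_STARTUP],
            "padding": [f for f in names if f in PADDING_CANDIDATES],
            "other": [f for f in names if f not in CRT_STARTUP | PADDING_CANDIDATES]}


if __name__ == "__main__":
    print("imphash as listed :", imphash(REPORTED_IMPORTS))
    print("without padding   :", imphash(drop_functions(REPORTED_IMPORTS, PADDING_CANDIDATES)))
    t = triage(REPORTED_IMPORTS)
    print(f"{len(t['crt'])} CRT, {len(t['padding'])} padding, {len(t['other'])} other")
```

Because the hash covers every name in table order, a single added or removed import produces an unrelated digest, which is why imphash pivots fail across samples from a builder that varies its junk imports; the names left in the "other" bucket (CreateMutexA, GetProcAddress, LoadLibraryW, RegQueryValueExA, CreateFileW) are the ones worth tracing in the disassembly.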
Sections
.text    Size: 158KB   Virtual size: 158KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data    Size: 7KB     Virtual size: 46.9MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls     Size: 14KB    Virtual size: 14KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.kicaxi  Size: 512B    Virtual size: 1B       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    Size: 49KB    Virtual size: 49KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
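The "Unsigned PE" signature is a presence test on the certificate data directory, and the section table carries two things the signature does not mention: .data has a 46.9MB virtual size backed by 7KB of raw data (a large zero-filled region the code can unpack into at run time), and .kicaxi is not a name any standard toolchain emits. The script below, an added example that is not part of the report or the sandbox's own code, parses PE headers without third-party modules and reproduces those checks together with the ASLR/DEP opt-in flags from the Headers section. Its input is a constructed image with the report's section layout (names, sizes and characteristics taken from the tables above; raw addresses and file offsets are made up), not the real sample, so the constants in build_sample_pe are assumptions.

```python
"""Static PE header checks: Authenticode presence, load-time mitigations and
section anomalies. Added worked example, not code from the sandbox report.
The image it parses is constructed below with the report's section layout
for lb777.bin.exe (headers only, dummy offsets), not the real sample."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # certificate table (Authenticode)
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000
STANDARD_SECTIONS = {b".text", b".data", b".rdata", b".bss", b".idata", b".edata",
                     b".rsrc", b".reloc", b".tls", b".pdata", b".CRT", b".xdata"}


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, the optional-header fields needed here, the data
    directories and the section table. Raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dd_off = opt + (96 if magic == 0x10B else 112)          # PE32 / PE32+ directory start
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    num_dd = struct.unpack_from("<I", data, dd_off - 4)[0]
    dirs = [struct.unpack_from("<II", data, dd_off + 8 * i) for i in range(num_dd)]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "va": va,
                         "rawsize": rawsize, "rawptr": rawptr, "flags": flags})
    return {"machine": machine, "characteristics": chars,
            "dllcharacteristics": dllchars, "dirs": dirs, "sections": sections}


def has_authenticode(pe: dict) -> bool:
    """True when the security directory points at a WIN_CERTIFICATE blob: the
    presence test behind the 'Unsigned PE' signature. Verifying the chain and
    the PE hash is a separate step (e.g. signtool verify /pa)."""
    dirs = pe["dirs"]
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    offset, size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]    # a file offset, not an RVA
    return offset != 0 and size != 0


def mitigations(pe: dict) -> dict:
    """Load-time mitigations the headers opt into. ASLR needs DYNAMIC_BASE and
    a relocation table; a RELOCS_STRIPPED image cannot be rebased at all."""
    dc = pe["dllcharacteristics"]
    return {
        "aslr": bool(dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
        and not pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED,
        "nx_compat": bool(dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "terminal_server_aware": bool(dc & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE),
    }


def section_findings(pe: dict, ratio: int = 8) -> list:
    """Flag sections that look packed or hand-edited: an unusual name, a virtual
    size far above the raw size, or memory that is writable and executable."""
    out = []
    for s in pe["sections"]:
        if s["name"] not in STANDARD_SECTIONS:
            out.append((s["name"], "non-standard section name"))
        if s["rawsize"] and s["vsize"] > ratio * s["rawsize"]:
            out.append((s["name"], f"virtual size {s['vsize']} is "
                                   f"{s['vsize'] // s['rawsize']}x raw size {s['rawsize']}"))
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            out.append((s["name"], "writable and executable"))
    return out


def build_sample_pe() -> bytes:
    """Constructed PE32 image (headers and section table only) mirroring the
    report: RELOCS_STRIPPED|EXECUTABLE|32BIT, only TERMINAL_SERVER_AWARE set,
    no certificate table, .data virtual size about 46.9MB over 7KB raw."""
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags
        (b".text", 0x27800, 0x1000, 0x27800, 0x400, 0x60000020),
        (b".data", 0x2EE4000, 0x29000, 0x1C00, 0x27C00, 0xC0000040),
        (b".kicaxi", 0x1, 0x2F0E000, 0x200, 0x29800, 0xC0000040),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0103)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<H", opt, 68, 3)                     # IMAGE_SUBSYSTEM_WINDOWS_CUI
    struct.pack_into("<H", opt, 70, 0x8000)                # TERMINAL_SERVER_AWARE only
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes; all left zero
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    for name, vsize, va, rawsize, rawptr, flags in sections:
        image += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, flags)
    return image


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print("authenticode present:", has_authenticode(pe))
    print("mitigations:", mitigations(pe))
    for name, why in section_findings(pe):
        print(f"{name.decode()}: {why}")
```

Pointing parse_pe at the real file (open(path, "rb").read()) works unchanged. has_authenticode only reports that a certificate table exists, so a True result still has to be followed by chain and PE-hash verification, and the ratio threshold in section_findings is a tuning knob: 8x catches the .data case here by a wide margin while leaving ordinary .bss-style sections alone.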