Static task
static1
Behavioral task
behavioral1
Sample
0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff.exe
Resource
win7-20240903-en
General
Target: JaffaCakes118_bd4fd4c2a413dd0aa075df0a2ead3e936e3e6e75cc1f3e85cc815785fff51ef5
Size: 200KB
MD5: 486365654c861c164232fa88ad8bf7bc
SHA1: 7c081135b4d3c4f4ce567aa9b9338111559d6178
SHA256: bd4fd4c2a413dd0aa075df0a2ead3e936e3e6e75cc1f3e85cc815785fff51ef5
SHA512: 53ce0126b15b8e5edaf0a4ec357304d84652dc106bcc59c2d0332301ca9b4a79165bdf9468f49fbb41d65d674f1c2062e61b68340ae3abd538efa26b16ffd3ab
SSDEEP: 6144:NvnBzHL3NQ3TGWN4t8OKXcA24OQf/AncP:N/JHTW3Ta8OKXFj/0+
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff
Files
JaffaCakes118_bd4fd4c2a413dd0aa075df0a2ead3e936e3e6e75cc1f3e85cc815785fff51ef5.zip
Password: infected
0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff.exe windows:4 windows x86 arch:x86
ae4b5ced0197ccc79014181de32d1491
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
LoadAcceleratorsW
FindWindowW
IsIconic
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RegisterClassExW
BeginPaint
GetClientRect
EndPaint
PostQuitMessage
DefWindowProcW
DialogBoxParamW
SetTimer
PostMessageW
DestroyWindow
EndDialog
LoadBitmapW
SetFocus
CreateWindowExW
UpdateWindow
ShowWindow
LoadCursorW
LoadMenuW
LoadStringW
kernel32
GetProcAddress
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
LoadLibraryA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
lstrcmpW
GetStartupInfoA
lstrlenW
GetTempPathW
SleepEx
GetModuleHandleW
GetVersionExW
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetVersionExA
GetModuleHandleA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
comctl32
ord17
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
Sections
.text Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 63KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
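Added example, not part of the sandbox report and not code from the sample: a standard-library Python script that reproduces the static checks behind the Signatures, Headers and Sections blocks above. It walks the DOS header, COFF file header, optional header and section table, decodes the IMAGE_FILE_* and IMAGE_SCN_* flags, and implements the "Unsigned PE" rule by testing whether the security data directory (the Authenticode certificate table) is empty; it also flags stripped relocations and any writable-and-executable section, which the report's sample does not have. Since the sample itself is not embedded here, the script builds a header-only PE32 image whose characteristics and section layout are constructed to mirror the report's table (sizes rounded to whole KB); all function and constant names are my own.

```python
"""Header-level PE triage: characteristics, section flags, Authenticode presence."""
import struct

# IMAGE_FILE_HEADER.Characteristics bits, per the PE/COFF specification
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the certificate table


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Return machine, file characteristics, Authenticode presence and section flags."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs_off = opt + (92 if magic == 0x10B else 108)  # PE32 vs PE32+ layout
    dirs_off = ndirs_off + 4                            # directories follow NumberOfRvaAndSizes
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    signed = False
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The security entry holds a raw file offset (not an RVA) and a size; both non-zero
        # means a WIN_CERTIFICATE table is attached. This does not validate the signature.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        signed = cert_off != 0 and cert_size != 0
    sections = []
    sh = opt + opt_size
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flag_names(sflags, SECTION_FLAGS)})
    return {"machine": machine, "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
            "has_authenticode": signed, "sections": sections}


def static_findings(data):
    """Signature-style findings; the first mirrors the report's 'Unsigned PE' rule."""
    info = parse_pe(data)
    findings = []
    if not info["has_authenticode"]:
        findings.append("Unsigned PE: no Authenticode certificate table")
    if "IMAGE_FILE_RELOCS_STRIPPED" in info["characteristics"]:
        findings.append("Relocations stripped: image cannot be rebased, so it does not get ASLR")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"]):
            findings.append("W+X section %s: writable and executable (packer/self-modifying hint)" % s["name"])
    return findings


def build_minimal_pe(characteristics, sections, signed=False):
    """Constructed test input: a header-only PE32 image that parses but does not run."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    opt_size = 224  # PE32 optional header with all 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, characteristics)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x800)  # fake certificate table
    optional = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    optional += b"".join(struct.pack("<II", *d) for d in dirs)
    headers = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000, rs, 0, 0, 0, 0, 0, fl)
                       for n, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + optional + headers


# Constructed section layout modelled on the report's table: (name, virtual size, raw size, flags)
SAMPLE_LIKE_SECTIONS = [
    (b".text", 179 * 1024, 180 * 1024, 0x60000020),   # CODE | EXECUTE | READ
    (b".rdata", 170 * 1024, 171 * 1024, 0x40000040),  # INITIALIZED_DATA | READ
    (b".data", 66 * 1024, 63 * 1024, 0xC0000040),     # INITIALIZED_DATA | READ | WRITE
    (b".rsrc", 1 * 1024, 2 * 1024, 0x40000040),       # INITIALIZED_DATA | READ
]
SAMPLE_LIKE_CHARACTERISTICS = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100

if __name__ == "__main__":
    for finding in static_findings(build_minimal_pe(SAMPLE_LIKE_CHARACTERISTICS, SAMPLE_LIKE_SECTIONS)):
        print(finding)
```

To run it against a real file, replace the constructed image with `open(path, "rb").read()`. Note that an attached certificate table only means the file carries a signature; validating the chain and the hash still requires the Windows WinVerifyTrust path or an equivalent, so "signed" here is a presence check, exactly as the report's "Unsigned PE" signature is an absence check.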