c:\more\mile\contain\upEver.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe
Resource: win7-20240903-en
General
- Target: JaffaCakes118_154fcf6de1a4d2148da99d796d7c611b10d894546610561b588a970ab7c7053f
- Size: 135KB
- MD5: 7f5f7a43ba27f8825f6744559169f113
- SHA1: b8dae9800fbde147c9705377670897e806c6abdb
- SHA256: 154fcf6de1a4d2148da99d796d7c611b10d894546610561b588a970ab7c7053f
- SHA512: 1ec967ad2db08d47ed43d299fed52abd9696f045c13a7e92e5911ae5c1b281b49803e7e75d272515fc2c67aafc5525f477aa82fbf26a3caeb16b3c3bab7e8990
- SSDEEP: 3072:kmzk6rktZsru/oQ3nLNxtNr3EVoLztB79x+4yVthD:kv6rTGo2Ljr3EVOtBe4yVrD
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Resource: unpack001/5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57
Files
- JaffaCakes118_154fcf6de1a4d2148da99d796d7c611b10d894546610561b588a970ab7c7053f.zip (Password: infected)
- 5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57.exe (windows:4, windows x86, arch:x86)
  de6ccb422d73fad528315b82baa175c9
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
- PDB Paths: see the path at the top of this report
Imports
kernel32
RtlUnwind
InitializeCriticalSection
ReadFile
SetEndOfFile
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
SetFilePointer
LCMapStringA
FlushFileBuffers
CompareStringA
GlobalFree
CompareStringW
GetVersion
LCMapStringW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
GetTimeZoneInformation
SetStdHandle
GetStartupInfoA
SetHandleCount
WideCharToMultiByte
GetDateFormatA
GetTimeFormatA
MultiByteToWideChar
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
VirtualProtectEx
GetSystemDirectoryA
CreateEventA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCommandLineW
HeapSize
Sleep
GetVolumeInformationA
GlobalAlloc
GlobalLock
GetLocaleInfoA
OpenMutexA
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
HeapAlloc
GetLastError
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
CloseHandle
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType
CreateFileA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
SetEnvironmentVariableA
user32
OpenClipboard
GetIconInfo
BeginPaint
GetWindowTextLengthA
SetFocus
LoadBitmapA
GetFocus
GetClassInfoExA
RegisterClassExA
InvalidateRect
GetCursorPos
ValidateRect
DestroyMenu
CallWindowProcA
MapWindowPoints
SetWindowTextA
GetSystemMetrics
CheckDlgButton
PostMessageA
AppendMenuA
IsDialogMessageA
winspool.drv
ClosePrinter
GetJobA
OpenPrinterA
EnumPrintersA
AddPrinterConnectionA
DocumentPropertiesA
gdi32
ExcludeClipRect
SetBkMode
LineTo
comctl32
ImageList_Draw
CreateToolbarEx
ImageList_LoadImageA
ord17
ImageList_SetOverlayImage
DestroyPropertySheetPage
ord6
ole32
OleInitialize
OleUninitialize
CoInitialize
OleSetContainedObject
CoUninitialize
wininet
InternetCanonicalizeUrlA
HttpQueryInfoA
InternetOpenUrlA
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetCrackUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
shlwapi
SHSetValueA
UrlCreateFromPathA
PathFindFileNameA
StrChrA
UrlApplySchemeA
advapi32
RegCloseKey
RegCreateKeyA
crypt32
CertEnumCertificatesInStore
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateChain
CertDeleteCertificateFromStore
CryptAcquireCertificatePrivateKey
CertCreateCertificateContext
CertVerifyCertificateChainPolicy
CryptHashPublicKeyInfo
avifil32
AVIBuildFilterA
AVIFileOpenA
AVIFileEndRecord
AVIFileInit
AVIFileReadData
secur32
FreeContextBuffer
QuerySecurityPackageInfoA
ImpersonateSecurityContext
InitializeSecurityContextA
Sections
- .text  Size: 124KB - Virtual size: 121KB - IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata Size: 20KB - Virtual size: 18KB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data  Size: 24KB - Virtual size: 102KB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 28KB - Virtual size: 24KB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .reloc Size: 8KB - Virtual size: 6KB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ