JaffaCakes118_236703a19ce7e03ea9216da5ed4cf8a9 | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...a9.exe

windows7-x64

JaffaCakes...a9.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_236703a19ce7e03ea9216da5ed4cf8a9.exe

Resource

win7-20240903-en

andromeda backdoor botnet discovery persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_236703a19ce7e03ea9216da5ed4cf8a9.exe

Resource

win10v2004-20250217-en

andromeda backdoor botnet discovery persistence

windows10-2004-x64

11 signatures

150 seconds

General

Target

JaffaCakes118_236703a19ce7e03ea9216da5ed4cf8a9
Size

36KB
MD5

236703a19ce7e03ea9216da5ed4cf8a9
SHA1

7c0d099167eb860e4c58fa46d1a0ffec4e1fef64
SHA256

e0124eb4277281b979d7bea79071cb7839ddab32d2e07d271262086457dae5d6
SHA512

e0111a4c73d535e0a256063f2db8b7ecc2d2226cc6f089c74b6956876671b28570f1746d59fd48d7e3c52b0fe4c8877add2e1f0772fd47c6329113560d0a0323
SSDEEP

768:n9N++RhsdR+TXl7SvIZhuxtUZn2BvsHLX6JwPIILI:9Y+KDCXNZhstUw1sHLewDc

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_236703a19ce7e03ea9216da5ed4cf8a9
.exe windows:4 windows x86 arch:x86

34fad51419a3e002c7fba57e51240367

Code Sign

eb:bc:0a:c8:9a:e5:e3:c0:db:85:5e:88:4e:b1:69:3f:bd:da:56:ba
Signer

Actual PE Digest

eb:bc:0a:c8:9a:e5:e3:c0:db:85:5e:88:4e:b1:69:3f:bd:da:56:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
WaitForSingleObject
CreateFileA
CreateMutexA
GetProcAddress
LoadLibraryA
ExitThread
VirtualProtect
SetEvent
LockResource
LoadResource
FindResourceA
GetStdHandle
LocalFree
GetVersionExA
CreateThread
VirtualAllocEx
GetModuleFileNameW
ExitProcess
GetModuleHandleA
ResetEvent
GetCurrentProcessId
DeleteFileA
GetWindowsDirectoryA
LocalAlloc

user32

RegisterClassA
CreateDialogParamA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy