Static task
static1
Behavioral task
behavioral1
Sample
4456b93fa84ead0e6c5020d665120262_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4456b93fa84ead0e6c5020d665120262_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
Target
4456b93fa84ead0e6c5020d665120262_JaffaCakes118
Size
80KB
MD5
4456b93fa84ead0e6c5020d665120262
SHA1
3c30e119261d2ed1b57887bee9e2bb895f120500
SHA256
b7eb38f8a922a1344be7186fbf3169e0d130b91498dfae583b9b6d942b40cdd9
SHA512
3c2b66cfefd00a5a8cd55b13275bec599213bc9695c3d2b69c2ed9198fb205dd9d899243d1398bb0c58a49fbc0ef5d3461a4589db69d38d5dec233272b8807e3
SSDEEP
1536:Q5aO0FX8PbNNkd73OKOeAXmfp/tbM5jx:Q0X8znkd73O1X29Mv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 4456b93fa84ead0e6c5020d665120262_JaffaCakes118
Files
4456b93fa84ead0e6c5020d665120262_JaffaCakes118.exe windows:4 windows x86 arch:x86
7aba5d8fe794fdebd8fa021d1b293165
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord692
ord586
MethCallEngine
ord558
ord595
EVENT_SINK_AddRef
ord527
ord560
DllFunctionCall
ord676
ord678
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord530
ProcCallEngine
ord539
ord685
ord100
ord617
ord541
Sections
.text Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ