Static task
static1
Behavioral task
behavioral1
Sample
878ba0f5047f5e2593c391c609643887_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
878ba0f5047f5e2593c391c609643887_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
878ba0f5047f5e2593c391c609643887_JaffaCakes118
-
Size
56KB
-
MD5
878ba0f5047f5e2593c391c609643887
-
SHA1
e9d568e2627c9fa824b07be096fe423465d81825
-
SHA256
a7ea68f94c673c8d44b46cce37164eb1a20e2b9d8d03a0f114d1c48d6c05344b
-
SHA512
643d4b419f7a8447e212297c302ebd28b483973d208da824c063c2f6fec4f3f38c69b249f7bf9ce3bcba56352717d90fa45da8d503a4a84337e0b066bd0ee52a
-
SSDEEP
768:7/ifT+tLYkV8cyQIrLJ6dDDuKEnWI1G132NRnu:zZV8iIr0dDDuKEU8u
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 878ba0f5047f5e2593c391c609643887_JaffaCakes118
Files
-
878ba0f5047f5e2593c391c609643887_JaffaCakes118.exe windows:4 windows x86 arch:x86
18959aae0b3d95360d9b792a1401d55a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord586
ord660
ord557
ord666
ord594
ord596
ord703
ord525
EVENT_SINK_AddRef
ord527
ord568
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord717
ProcCallEngine
ord648
ord575
ord100
ord613
ord547
ord580
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ