Static task: static1
Behavioral task: behavioral1
Sample: 185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: 185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118
Size: 408KB
MD5: 185c8d11c0611cae7c81f4458bf1adea
SHA1: 6128cc714ab2c12a3fe6e18991e1172a2bbdc1a1
SHA256: cfdd3a78a895b3f49a39402eb28b0d2134cc3086849a41a6fdfe7d829a0d4dcd
SHA512: d029087ae92211c8594cef8e8e6b414792d88ef88b769947cc510c9635a43accec723642ad22a58d5f5cb2ca66681cff189cd85ab912c7c45e48e13d38963db9
SSDEEP: 12288:x+uEVYYmBd2VgoWNKKliZ8qRP/FwKSJeku:xVEVYYU2AK8qRXFmJW
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource 185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118
Files
185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118.exe windows:4 windows x86 arch:x86
39165092bc84217b39cecd014bee10b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CloseHandle
LCMapStringA
CreateFileA
GetCurrentProcess
ExitProcess
LoadLibraryA
user32
SetWindowLongA
wsprintfA
CreateWindowExA
CharLowerBuffA
CloseWindow
advapi32
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueA
Sections
.text Size: 384KB - Virtual size: 388KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 5B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ