Behavioral task: behavioral1
Sample: 19a1ad6e1206cefffee1fd2b6c6b9389_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 19a1ad6e1206cefffee1fd2b6c6b9389_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
- Target: 19a1ad6e1206cefffee1fd2b6c6b9389_JaffaCakes118
- Size: 1.6MB
- MD5: 19a1ad6e1206cefffee1fd2b6c6b9389
- SHA1: a449ea866a23941b09985cde44207330c9e83722
- SHA256: 821678f699a3229b545aae2f5f1ad72967e0989de4720cd750462bd12fd804ff
- SHA512: cae328b737888752876498b894b4e75c0ca03f599a5bf33184c3b3a6db9add6ef834581c8350a5df9b1d78eb772f8b11d18c56c6e767ab44124fcccd58f360a7
- SSDEEP: 24576:8eRwJRBxk11jQAFc8Fq9TsC/Qs70ba9vHJDifBo0vgpbWTvYgK8ejHPGV:3RsBxk3jQMc8U1EVbadJmS0BTvy8ebP
Malware Config
Signatures
- YARA rule match: vmprotect (resource: sample)
- Unsigned PE (1 IoC): checks for missing Authenticode signature (resource: 19a1ad6e1206cefffee1fd2b6c6b9389_JaffaCakes118)
Files
- 19a1ad6e1206cefffee1fd2b6c6b9389_JaffaCakes118.exe (windows:4, windows, x86, arch:x86) 0350225f17ad042d5add2f66ff368d1f
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesW
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetProcessVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
CreateFileA
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
TlsGetValue
LocalReAlloc
FindResourceA
GlobalAddAtomA
GetProfileStringA
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
SizeofResource
GlobalFlags
MulDiv
lstrcmpW
GlobalAlloc
lstrcmpiA
lstrcmpiW
GetThreadLocale
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
lstrcpynW
EnterCriticalSection
FormatMessageW
LocalFree
lstrcmpA
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrlenA
GetVersion
lstrcatW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
TerminateThread
GetExitCodeThread
ExitProcess
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
lstrlenW
WritePrivateProfileStringW
WritePrivateProfileStringA
GetModuleFileNameW
GetCurrentDirectoryW
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
VirtualAllocEx
WriteProcessMemory
CreateNamedPipeA
GetProcAddress
CreateRemoteThread
WriteFile
VirtualFreeEx
OpenProcess
GetCurrentThread
GetLastError
GetCurrentProcess
SetLastError
CreateProcessW
ReadFile
GetCurrentProcessId
CreateFileW
FindFirstFileW
FindNextFileW
FindClose
MoveFileExW
GetModuleFileNameA
GetWindowsDirectoryA
GetFileAttributesA
MoveFileExA
GetTickCount
DeleteFileW
CopyFileW
ResetEvent
Sleep
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
CreateDirectoryW
GetStartupInfoA
CloseHandle
VirtualProtect
user32
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
DispatchMessageW
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
MessageBoxW
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
DefWindowProcW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
ModifyMenuW
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterClipboardFormatW
SetWindowPos
RegisterWindowMessageW
IntersectRect
SystemParametersInfoW
SendMessageW
EnableWindow
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
PostMessageW
wsprintfW
SetParent
GetTopWindow
GetParent
GetFocus
SetFocus
GrayStringW
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
LoadStringW
GetDesktopWindow
CharUpperW
DrawTextW
TabbedTextOutW
OffsetRect
FillRect
GetSysColor
InvalidateRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
DrawTextA
DrawFocusRect
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
LoadIconW
AppendMenuW
GetSystemMenu
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
SetWindowLongW
SetRect
CopyAcceleratorTableW
CharNextW
TranslateMessage
GetSysColorBrush
LoadCursorW
PtInRect
GetClassNameW
InflateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DestroyMenu
MapDialogRect
SetWindowContextHelpId
GetDC
ReleaseDC
GetLastActivePopup
GetMessageW
gdi32
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
IntersectClipRect
SetTextAlign
SetBkMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SelectObject
RestoreDC
SaveDC
DeleteDC
PatBlt
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleBitmap
CreateRectRgn
GetWindowOrgEx
GetObjectW
GetTextExtentPoint32W
GetViewportOrgEx
GetDeviceCaps
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateDIBitmap
ExtTextOutA
GetTextExtentPointA
GetStockObject
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
OpenThreadToken
OpenProcessToken
shell32
ShellExecuteW
comctl32
ord17
ImageList_Destroy
oledlg
OleUIBusyW
ole32
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
olepro32
ord253
oleaut32
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
wininet
InternetGetLastResponseInfoW
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
ws2_32
WSCDeinstallProvider
WSACleanup
WSAStartup
socket
connect
htons
inet_addr
send
recv
select
rpcrt4
UuidFromStringA
shlwapi
PathFindFileNameW
Sections
- .text: Size: -, Virtual size: 212KB; Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rdata: Size: -, Virtual size: 52KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data: Size: -, Virtual size: 44KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size: 8KB, Virtual size: 18KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .vmp0: Size: -, Virtual size: 1.3MB; Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .vmp1: Size: 1.6MB, Virtual size: 1.6MB; Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .reloc: Size: 4KB, Virtual size: 100B; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ