Static task
static1
Behavioral task
behavioral1
Sample
PO CPWPKL-1901088.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
PO CPWPKL-1901088.exe
Resource
win10v2004-20240319-en
General
-
Target
1ede35fd9d34dc75f5c8a60194bd79f6_JaffaCakes118
-
Size
472KB
-
MD5
1ede35fd9d34dc75f5c8a60194bd79f6
-
SHA1
9e73c3b2bba0a0e31b1d5156875c31eaab89e689
-
SHA256
859d7c1d836ca442f3d913a7293703b728d7241ef83ad5d8ead7303ed590fd21
-
SHA512
d3574c204eec0c00df3ac5e63279afcba4fd9a355ccc030d6412b4e6beca5a7a33947a53a0864c8b1cf47f7b70b0e8522e236e03fedb187c215510af370b5359
-
SSDEEP
6144:OfGiNTeMLmK6DWOYll1UP2z9gYuMiSPdS0r3jnahy/tuHv4IW7YiLkijrktL9Alp:O5KSFemllGYnVRbjnaHD7c/VhcOFM6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/PO CPWPKL-1901088.exe
Files
-
1ede35fd9d34dc75f5c8a60194bd79f6_JaffaCakes118.rar
-
PO CPWPKL-1901088.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 536KB - Virtual size: 535KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ