Behavioral task: behavioral1
Sample: e35575598dc806a16ca43a2e565bbd3d_JaffaCakes118.exe
Resource: win7-20240221-en
General
Target: e35575598dc806a16ca43a2e565bbd3d_JaffaCakes118
Size: 6.6MB
MD5: e35575598dc806a16ca43a2e565bbd3d
SHA1: a8494670848886ee5e3cbe2e29c1a549349a9b16
SHA256: fedefcfd77d1bf5826b7a94d92481c93a35d19db2d24aa61406954a4b61f7b9e
SHA512: 6df40380dc586043332ffee3eedc5fb270946c8d083b6229dcea421bc3eb7e9a966354718dc78430478f1567776e0a2bdd833a4fb1f3de506ab7a6f22af22de7
SSDEEP: 196608:/4CoUiu9Yuw7SEgvOFcjD0azHEWYkjSMzGcb8R:gHUbZw7S9vOFcjLgWfSMFgR
Malware Config
Signatures
Processes:
resource: sample
yara_rule: themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: e35575598dc806a16ca43a2e565bbd3d_JaffaCakes118
Files
e35575598dc806a16ca43a2e565bbd3d_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 13KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ