C:\Users\mefoo\Desktop\desktop\sa\C#\ya\ya\Solaris Main\Solaris Main\SolarisSpoofer\obj\Debug\Solaris.pdb
Behavioral task
behavioral1
Sample
ee5f1d63131bc2123be402c408c31c26_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ee5f1d63131bc2123be402c408c31c26_JaffaCakes118.exe
Resource
win10v2004-20240319-en
General
-
Target
ee5f1d63131bc2123be402c408c31c26_JaffaCakes118
-
Size
5.1MB
-
MD5
ee5f1d63131bc2123be402c408c31c26
-
SHA1
64c055ee8e73406c8277cda7862368cdf971423b
-
SHA256
b9b1f19e22da2bc8c1b08556c553510a190d2f94ef2706be4e82cd0c5838a35a
-
SHA512
20b9888315effd2495358429a507c22287ffc201ca2407af9a8a59d02be4e9a52875e1534fd3121cc0cb844b3278bfaf62e294d3703ee0587acb80187df78f3a
-
SSDEEP
49152:w0PhClMsTt2RYZxGoLeC5FuXj2Pi15QO0rrLB9+OgRpUwXpUeXQq5dnZ:jCntYYCoL4x1/qW3pnZUeX15x
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource ee5f1d63131bc2123be402c408c31c26_JaffaCakes118
Files
-
ee5f1d63131bc2123be402c408c31c26_JaffaCakes118.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Sections
.text Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ