Behavioral task
behavioral1
Sample
eedaacc2047a3021ad8ef141237eab2c_JaffaCakes118.exe
Resource
win7-20240319-en
General
-
Target
eedaacc2047a3021ad8ef141237eab2c_JaffaCakes118
-
Size
2.5MB
-
MD5
eedaacc2047a3021ad8ef141237eab2c
-
SHA1
224bde08c8c6eb6bcf1c22d945c25d0793b5a3a1
-
SHA256
205510fe8ec85f69aab507415625af8a25c3e2dc68497dd0073afb60f5e80726
-
SHA512
7a41e8dc3f6b848ef65a5c502623353449e30eaf17037243387027125d975f4677c7528d0816f166645639304ddf65d7c4706f3aa5b0c600445a6ba908f6d960
-
SSDEEP
49152:BTM3Q0X7+JEK9r9Bv1bzI/Cs62tEYK4go:BA3QCK9Rns/Cs7uYdP
Malware Config
Signatures
Files
-
eedaacc2047a3021ad8ef141237eab2c_JaffaCakes118.exe windows:4 windows x86 arch:x86
Code Sign
4c:9a:0a:19:9a:a6:19:8d:46:90:25:b6:ba:e4:18:08Certificate
IssuerCN=HP 27-dp10 All-in-OneNot Before13/08/2021, 13:03Not After14/08/2031, 13:03SubjectCN=HP 27-dp10 All-in-One8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before23/10/2020, 00:00Not After22/01/2032, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
db:cc:72:3f:38:2f:50:dd:e9:cc:0d:dd:dc:3b:1f:2f:89:b2:59:68:7f:9e:a0:23:3f:da:b7:70:d6:3f:9a:efSigner
Actual PE Digestdb:cc:72:3f:38:2f:50:dd:e9:cc:0d:dd:dc:3b:1f:2f:89:b2:59:68:7f:9e:a0:23:3f:da:b7:70:d6:3f:9a:efDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 181KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ