Behavioral task: behavioral1
Sample: f0858d19d8c5632c3752f538acbdec20_JaffaCakes118.exe
Resource: win7-20231129-en
General
Target: f0858d19d8c5632c3752f538acbdec20_JaffaCakes118
Size: 212KB
MD5: f0858d19d8c5632c3752f538acbdec20
SHA1: 0c3647d6904d31d2ee8b35739477694a9c26f3ab
SHA256: ebf39d9ff867791bcb167136e494fec8da659ce36cac0f8229206b145b583b47
SHA512: 612df9a74a7ea47ea9690c45d102b97432ba03bdefc388bac0fe2e282848cb0a50ce35911a04cc5b17f1aadf5f958f010964fb696ae656b8be86b91d8fdeb206
SSDEEP: 6144:OJPgv7wJZ87wBjd7mgkZUl30tmSFDpotI:OJPdJS7whdSUtKNn
Malware Config
Signatures
Processes:
resource: sample, yara_rule: upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: f0858d19d8c5632c3752f538acbdec20_JaffaCakes118
Files
f0858d19d8c5632c3752f538acbdec20_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 416KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 184KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE