Behavioral task
behavioral1
Sample
f0bbb469dc3a97b39dca1213f9d4176b_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f0bbb469dc3a97b39dca1213f9d4176b_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f0bbb469dc3a97b39dca1213f9d4176b_JaffaCakes118
-
Size
5.8MB
-
MD5
f0bbb469dc3a97b39dca1213f9d4176b
-
SHA1
b15b2eb6f52b2339b8c537a396832a9c6442c29a
-
SHA256
05323b70b6f95f1942bb6e9161bb1c7140e4f704dcce33dafb78001bfb554b10
-
SHA512
09eef7b691e5436b9aa37a1c1b787201aa069ac5121d26155c67b38e60b89c9a2d8d4c01325ded98eca3015bc615aa22af1789c87c88a560921dcfb33f25c270
-
SSDEEP
98304:UiZ9eCErwRTpbTlq1QsRdDMKlJNzTPvAfiyy8dj+xIW8+bbvjBu746UR3zxRNNoU:b9gEZ7q1VDAK1K8M7WHbjVudU99Ne
Malware Config
Signatures
-
resource yara_rule sample upx -
Detects Pyinstaller 1 IoCs
resource yara_rule sample pyinstaller -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f0bbb469dc3a97b39dca1213f9d4176b_JaffaCakes118
Files
-
f0bbb469dc3a97b39dca1213f9d4176b_JaffaCakes118.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 264KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 65KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
TerrorMenu.pyc