default_check.pdb
Behavioral task
behavioral1
Sample
f550a997bf80ea6b0a1595f3bddfa1a0_JaffaCakes118.exe
Resource
win7-20231129-en
General
-
Target
f550a997bf80ea6b0a1595f3bddfa1a0_JaffaCakes118
-
Size
347KB
-
MD5
f550a997bf80ea6b0a1595f3bddfa1a0
-
SHA1
85f9c702d666f4c1c8ff28696f2aaa10bf041e1c
-
SHA256
c4332b9fb3274f1cf293471d7d343beb4207968e59551cc17b597ff1b4cab00b
-
SHA512
4a6278d9161378af0a6b7f14645f7a04d1893e4c732c2f4ac128c0e7cb77617d7f32440c8dbaf5e9e53161fecdc7d8176d340a4749e2eaf3a8899aa6bfdc8aca
-
SSDEEP
6144:4doPG8GTGTe1GbbTUcwss9Xy2R4cPHjCpYL/h0Q2wVT1AchKbfeVZtRqYwRF:jJFgXy2TU1VKZReRF
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
resource yara_rule sample family_zgrat_v1 -
Zgrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f550a997bf80ea6b0a1595f3bddfa1a0_JaffaCakes118
Files
-
f550a997bf80ea6b0a1595f3bddfa1a0_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 340KB - Virtual size: 339KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ