Behavioral task
behavioral1
Sample
f8939c71062f4499eaa8b86a0580dd54_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
f8939c71062f4499eaa8b86a0580dd54_JaffaCakes118
-
Size
994KB
-
MD5
f8939c71062f4499eaa8b86a0580dd54
-
SHA1
897a18893516b0f3d1d3868e0203dcc9db4dd067
-
SHA256
74aee1418c8050e1bc00b22376870d5628fea6b8ccf367b68723d84cb1614128
-
SHA512
29c95708c6e9af0266d583847fc96d909160023eb2f9336a60fbcb2cd7bbe3952c536cfe0baa9fc19714688d43067f6be8c773cd0c8c85ef4591c5e68eb5b338
-
SSDEEP
24576:4fPWR9AV1O+7sgzp+8fdNGzk2EAKn08/24d83T4b66R+BqyJyn59vuFf:4fPJ15GaALK66kq959v8
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f8939c71062f4499eaa8b86a0580dd54_JaffaCakes118
Files
-
f8939c71062f4499eaa8b86a0580dd54_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 259KB - Virtual size: 258KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 690KB - Virtual size: 696KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE