Behavioral task: behavioral1
Sample: f998121d523426ed0afed3d21dfb0d69_JaffaCakes118.exe
Resource: win7-20240215-en
General
Target: f998121d523426ed0afed3d21dfb0d69_JaffaCakes118
Size: 380KB
MD5: f998121d523426ed0afed3d21dfb0d69
SHA1: fd4da5a1bd5ec4d6508c78a01f0002a3348df0e7
SHA256: 7a9a5279a3ced8e2aabcb0edf0c1f5f935d33b49807de894774ad8f9c51a02f8
SHA512: c701c0bd0a129adb3593e66d6867f605f305a28c02351c3df607505f0e6bbe66d8755d8b9ac8ea22b550b233fed7335a179100b8bf889d843d6a8a540b1334f0
SSDEEP: 6144:V6C4vUQ2R02etDfet3Agp0q9ygbX+1RzDU8vTMpcvEF:V7Q002e1saMJcR/VbKcvi
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f998121d523426ed0afed3d21dfb0d69_JaffaCakes118
Files
f998121d523426ed0afed3d21dfb0d69_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 238KB - Virtual size: 237KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ