Behavioral task
behavioral1
Sample
fb27c3bda77b88cb1d9cc1a21eb002ef_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fb27c3bda77b88cb1d9cc1a21eb002ef_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
fb27c3bda77b88cb1d9cc1a21eb002ef_JaffaCakes118
-
Size
137KB
-
MD5
fb27c3bda77b88cb1d9cc1a21eb002ef
-
SHA1
a8492ccfdf087f395dc181fb1a5a97467a7623a5
-
SHA256
71057fe415ea84d60d3726f76bd0b8c6cf9e3d3c497ff4c4430bb00e9e2d7564
-
SHA512
38267a7134fd185bb3e98cb8023d170ffa61809fa79a1a59b72ea60604fb8072d9cdb6064ec62d9c3574393b372f2acaea9ce8c7eec2710b5b64459539b7dfef
-
SSDEEP
3072:vxMbSP2gXggMDtbpzn+DlsMSh6Do4fgPqaht7UA+ZSrLP2o:vCbS+QU1zn+DlsXh6kpPqaDUd0/P2
Malware Config
Signatures
-
Processes:
resource yara_rule sample aspack_v212_v242 -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource fb27c3bda77b88cb1d9cc1a21eb002ef_JaffaCakes118
Files
-
fb27c3bda77b88cb1d9cc1a21eb002ef_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 131KB - Virtual size: 496KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE