Behavioral task
behavioral1
Sample
fd042afdd17fe968e0d378506f6697e7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fd042afdd17fe968e0d378506f6697e7_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
fd042afdd17fe968e0d378506f6697e7_JaffaCakes118
-
Size
758KB
-
MD5
fd042afdd17fe968e0d378506f6697e7
-
SHA1
8dcf8021da863a523a4fb46a09f648caf726a1cd
-
SHA256
e82026ad368c0858044e3326bd2669a649f0daf04ebe417ad53e508a1f9dc91f
-
SHA512
7d484fd3ddb3e0185f7aa0b5ce46fabcd4b6cead04e4ac7b3e6915789fe3c94b92e0f0b07dd7146320841a99925a88cc41a97fa238f7e30e09b031140ab35a61
-
SSDEEP
12288:uxkFeN2kZlruHnxnPmffxPRhXdRGvb3HZC5iXsuzBlHO9idsNyIup5DVPmUdwWCF:zFMPMnxKFR9dRG35CocSltiNspfPmUpg
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource fd042afdd17fe968e0d378506f6697e7_JaffaCakes118 unpack001/out.upx
Files
-
fd042afdd17fe968e0d378506f6697e7_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 844KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 756KB - Virtual size: 760KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ