_ReflectiveLoader@0
Behavioral task
behavioral1
Sample
00e7b0385d86046c8c210fbebb8e8eb8_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
240426-x2dhcaad62_pw_infected.zip
-
Size
34KB
-
MD5
60ffa089286ac8581d3d94304ed3386f
-
SHA1
14b7c668be9ee476e66a12f9b84317e3656bc809
-
SHA256
d27d441fb8c116418aa3f59da7bb4e29e82db15a83d7d52c837de33d7abab421
-
SHA512
4dfc5031b108492cb01d985f2b00eb347fea126f66957a8868c5afb1cf800663ff1b53d2e2f2c26a9df9f70151a3c312fd0cc8c240df0a68d9dca4c6fd5e4442
-
SSDEEP
768:DuWofymDykCfmjYMEmoOGJHYjrQ0IuiPhdczrxx91lmOeEJg:iK+JBjYMBoT5+00tiPvcvb9qT
Malware Config
Signatures
-
GandCrab payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/00e7b0385d86046c8c210fbebb8e8eb8_JaffaCakes118 family_gandcrab -
Gandcrab family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/00e7b0385d86046c8c210fbebb8e8eb8_JaffaCakes118
Files
-
240426-x2dhcaad62_pw_infected.zip.zip
Password: infected
-
00e7b0385d86046c8c210fbebb8e8eb8_JaffaCakes118.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Exports
Exports
Sections
.text Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ