Behavioral task: behavioral1
Sample: ptu621.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: ptu621.exe
Resource: win10v2004-20240226-en
General
Target: 05a8480548cf5ddd758f3d83284da00e_JaffaCakes118
Size: 4.4MB
MD5: 05a8480548cf5ddd758f3d83284da00e
SHA1: 690c23818a55309f74d4be7361d3c2a595e771ae
SHA256: d63e2c3f4ccd7d0048f50e7fb6bac25bb9bb79e21452e552c83f2d98a4fa46ab
SHA512: 12816c22e8008a22220ae3e94090a2860767d5a389d36781f3ec6d89ddc1b127feb92529ec5caac3870deec3f5e01fde225fc0a4d15c4e8bd5a944da57fed656
SSDEEP: 98304:M8FwQRUtpc52HCEOoW5VNXvUzygmkHTR5Zk6pvtaw7wT272qkDSQ5s30yKgbJUHB:2jHCEOt1UmJkHTRkwtBYkkMx7UHrV
Malware Config
Signatures
Processes:
resource: static1/unpack001/ptu621.exe
yara_rule: upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: unpack001/ptu621.exe
Files
05a8480548cf5ddd758f3d83284da00e_JaffaCakes118.rar
ptu621.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 3.7MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 309KB - Virtual size: 312KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rmnet Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE