Static task
static1
Behavioral task
behavioral1
Sample
17af710193e1570d2a161243a7f09ad3_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
17af710193e1570d2a161243a7f09ad3_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
17af710193e1570d2a161243a7f09ad3_JaffaCakes118
-
Size
386KB
-
MD5
17af710193e1570d2a161243a7f09ad3
-
SHA1
bbe48f327480d04cfb1851f8dd66517774d86ac6
-
SHA256
409726bc69395c3cf5381e9fcde1a4159eb6674da32efac8ad87120e17e8c2f7
-
SHA512
b5526dbe2ba29a39d73ead166b8f1c418e2d6cee447c087da3c0a9a01a9be758c13a67bebb86f0fab9978e8fdf8ef5bf39c43963b698f195fe875f2829bcb83f
-
SSDEEP
3072:N17/yrBe0HCa5iwY6k3+OAAKhH8x146Vzm2TceHvBdqdfqcmPnlGZGepv8C:77/yOjutH8xe6NmZOC9a
Malware Config
Signatures
-
Beds Protector Packer 1 IoCs
Detects Beds Protector packer used to load .NET malware.
Processes:
resource yara_rule sample beds_protector -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 17af710193e1570d2a161243a7f09ad3_JaffaCakes118
Files
-
17af710193e1570d2a161243a7f09ad3_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 221KB - Virtual size: 220KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ