Static task
static1
Behavioral task
behavioral1
Sample
4021fad5060936fb64db940622dd462d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4021fad5060936fb64db940622dd462d_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
4021fad5060936fb64db940622dd462d_JaffaCakes118
-
Size
512KB
-
MD5
4021fad5060936fb64db940622dd462d
-
SHA1
e315ec553b46f24335b5b554b0c12bb5bc048e48
-
SHA256
be183c954d33ee1f7e455e1ab95687b4dc9a1498253c8a40091f96b13a607612
-
SHA512
68222ea50d295527707a16a83e2ed49d3a5970e626ec2e7a2f7d57b33cef69cb5ea074422997d132f96ce3b5463a5a5cc029b4494ccbf3246d71d701633b183a
-
SSDEEP
6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6O:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5r
Malware Config
Signatures
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule sample autoit_exe -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4021fad5060936fb64db940622dd462d_JaffaCakes118
Files
-
4021fad5060936fb64db940622dd462d_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 399KB - Virtual size: 398KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 35KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ