Behavioral task
behavioral1
Sample
42086eca89f3a415136472059f9396d0_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
42086eca89f3a415136472059f9396d0_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
42086eca89f3a415136472059f9396d0_JaffaCakes118
-
Size
388KB
-
MD5
42086eca89f3a415136472059f9396d0
-
SHA1
de99a12d632f0b958d2d988c5286a81b4038b716
-
SHA256
751ff4ca2985c7b45f7a0da3b76b87ae95f7586ae9bb650a59762ed428365c30
-
SHA512
73589349d9f548e6bbae7ff2c81b2b3733958bb27cf4c98a1ca07f8119a1b11cd7cb00b823529a598976172b3e9eff7bd6eb12b305f531850fe456c18c630533
-
SSDEEP
6144:92uqT3MQ1b8kYlZn5EvRkBDq5CUh5Xp+aR9Mg1CmrW61m66QYK+JvlB:xqT3n1b8kieuB2C0v+ajZW616jZB
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
Processes:
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 42086eca89f3a415136472059f9396d0_JaffaCakes118
Files
-
42086eca89f3a415136472059f9396d0_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 327KB - Virtual size: 326KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ