Behavioral task
behavioral1
Sample
495bcf192b3dae922860d12930895d4e_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
495bcf192b3dae922860d12930895d4e_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
495bcf192b3dae922860d12930895d4e_JaffaCakes118
-
Size
400KB
-
MD5
495bcf192b3dae922860d12930895d4e
-
SHA1
238114adc53bc8b558228923fb9be157bd73a516
-
SHA256
84ca876bbd78325680eb98498b1bd85786bd140b53650a00e2d87213920e057f
-
SHA512
b391e4d29e27042b941632536a4b6b2bcf018f63460bce6fcc850ba19bc1d804a4cfa9ef8724406b0738214bb90845f697a81955864a6b30291682e56b3ca748
-
SSDEEP
6144:yjxJbwaxzExxnpifB2FccqNHlabtRFA1gQj/+zMtm61F:yjxNwaxIxIGccqNH6tnA1gQj/h
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 495bcf192b3dae922860d12930895d4e_JaffaCakes118
Files
-
495bcf192b3dae922860d12930895d4e_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 284KB - Virtual size: 283KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 79KB - Virtual size: 718KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ