C:\Users\Dr-West\Desktop\????????????????????????????????????????????????????????????\????????????????????????????????????????????????????????????\obj\Debug\????????????????????????????????????????????????????????????.pdb
Behavioral task
behavioral1
Sample
53cd92f44b837f835fe4e3ab7a53dda1_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
53cd92f44b837f835fe4e3ab7a53dda1_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
53cd92f44b837f835fe4e3ab7a53dda1_JaffaCakes118
-
Size
228KB
-
MD5
53cd92f44b837f835fe4e3ab7a53dda1
-
SHA1
c054c5568ecbf3eb7535670a0b5de3cc2763b476
-
SHA256
24edc3ee97543e44ed48c91413aa4a34a57866cee28c86b1187ecdcddc52983c
-
SHA512
3d7319303af1f68f80e08769925a7c5a435d127b3dc529657a90c1b43a99d09fb1281110136a64186b11f5b79d9d4b69555ddf433c22d0527fc591bce83ce604
-
SSDEEP
6144:/Puw1LRQ2l67whSrkbo2F3S1NfyKT00m3UVwBmTVi/VxG:Huw1Lm2l6VM0II1UHVVx
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 53cd92f44b837f835fe4e3ab7a53dda1_JaffaCakes118
Files
-
53cd92f44b837f835fe4e3ab7a53dda1_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 223KB - Virtual size: 222KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ