Static task
static1
Behavioral task
behavioral1
Sample
shipping document.exe
Resource
win7-20240508-en
General
-
Target
53fef215700b1e1c3d781f2be9f333d8_JaffaCakes118
-
Size
223KB
-
MD5
53fef215700b1e1c3d781f2be9f333d8
-
SHA1
ee868bdf2ab4b80ae5f48c54fcd30f10ef799f30
-
SHA256
0e62e4cceadbe0a5b50309f73956bbd1cf51b345b1a4d324e66c10d00c3494d7
-
SHA512
7b769b5a349c8fae8dedca1401760b8a00a5bdb2f588f4ab43beeabccce4f0d6d58f0ccb0788933ab8b50531651d4262806b9894914463d735def67a2390c022
-
SSDEEP
6144:hjnGoaxXgxL4lWZYGPpz9tPccAiEuHG7jVNG:hjG5gyMPRcydm7jVs
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/shipping document.exe
Files
-
53fef215700b1e1c3d781f2be9f333d8_JaffaCakes118.ace
-
out.ace.ace
-
shipping document.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 235KB - Virtual size: 234KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ