Static task: static1
Behavioral task: behavioral1
Sample: 5bf507937115c6074074caf023da2c3d_JaffaCakes118.exe
Resource: win7-20240419-en
General
Target: 5bf507937115c6074074caf023da2c3d_JaffaCakes118
Size: 400KB
MD5: 5bf507937115c6074074caf023da2c3d
SHA1: 5bebf55cc34dca6c90e3ff9782bd004a4e50e8ff
SHA256: 0192991a0743901f0c69824069ead6095732592bd12534a879f007b5132e1dd9
SHA512: 6aef54c4e9f6d72b7c924d38e4bd08b9641fb53028abeba451805c9134fb56f8a9ade86034abed5afd8aa624de3a56c6e45049c4e61ef4e4fbddffd41bd463bb
SSDEEP: 6144:9YZcO/kEfaRbLnn38V17Y0fpO6H/RGB4zDuQpbAbTLt:ccK2Ln3s180f/z0bTp
Malware Config
Signatures
Beds Protector Packer (1 IoCs)
Detects Beds Protector packer used to load .NET malware.
Processes:
resource: sample, yara_rule: beds_protector
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource: 5bf507937115c6074074caf023da2c3d_JaffaCakes118
Files
5bf507937115c6074074caf023da2c3d_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 397KB - Virtual size: 397KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ