C:\Users\Dr-West\Desktop\WindowsApplication1\Stub\obj\Debug\Stub.pdb
Behavioral task: behavioral1
Sample: 58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118.exe
Resource: win10v2004-20240426-en
General
Target: 58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118
Size: 285KB
MD5: 58dd0631dc5e070ce60ce4258586cbaa
SHA1: 298550d1a1821ba320d926e0529445e669567feb
SHA256: cca94377ac2ba71a0fec12b73f0fbb83194db79e1be9e509b1d0e0e8f3db4fc2
SHA512: d0191ad963cb4af3944a71a187f61b3d719da4bc28f3b1575cee5590253e72f145f746bdb968d079ebced0d96da51f41f3dd9d23fe02b34eebbf2c6fe56283ef
SSDEEP: 6144:/9SPfj7w2bhafQEPx96w3KK6cDwSL0JV:/9Snjd1Ev1L0
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: sample, yara_rule: agile_net
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: 58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118
Files
58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 271KB - Virtual size: 271KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ