Behavioral task: behavioral1
Sample: 5e5cb9a1be725bbcfef55f98502d874d_JaffaCakes118.exe
Resource: win7-20240215-en
General
Target: 5e5cb9a1be725bbcfef55f98502d874d_JaffaCakes118
Size: 352KB
MD5: 5e5cb9a1be725bbcfef55f98502d874d
SHA1: 543febff0e53c7f5badb97bd0ab9509530eca434
SHA256: f218439bafeb99c3225c252bb9e290a583d674de0890674f7e950376b41fa71e
SHA512: 0f5f8b0f27f2833a082d01d705427b7eabe57aa85f720494c37f3284ffe5289f45deb7dc1c26f1c504a721233044af211653fae062e529c773347ac141457283
SSDEEP: 6144:um2w+hJKnBOPPeWKYHI/D08bZujC0DF6D2+hB:HaJiOJK5/SjCa6D2+f
Malware Config
Signatures
Quasar family
Quasar payload (1 IoCs)
Processes:
resource: sample, yara_rule: family_quasar
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource: 5e5cb9a1be725bbcfef55f98502d874d_JaffaCakes118
Files
5e5cb9a1be725bbcfef55f98502d874d_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 349KB - Virtual size: 349KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ