Static task
static1
Behavioral task
behavioral1
Sample
MedWingNT_04_TT TP012080202014404 pdf .exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
MedWingNT_04_TT TP012080202014404 pdf .exe
Resource
win10v2004-20240508-en
General
-
Target
6c02710a77793c2cbbe772297dd6a16b_JaffaCakes118
-
Size
566KB
-
MD5
6c02710a77793c2cbbe772297dd6a16b
-
SHA1
506edf76be43036ff202e47f060bae6ad406b110
-
SHA256
0fd074d5c884fa43b879d5611936d497ddfbff034580f1b4cf35ecf99151b5b1
-
SHA512
9d2f3cc997b8d149ee80c10ab4bec614428238f0b494e2ebd852f273bb75e4406d6024c02491040a7b57eb022123c4d7cca20af8f31a5b263c0b5a59d707fbcd
-
SSDEEP
12288:WxEk87ebCQ2wUpRSs5YtU54liluVJ8Z0famD:wrCQ2wUpRSs+akFVaZ0fai
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/MedWingNT_04_TT TP012080202014404 pdf .exe
Files
-
6c02710a77793c2cbbe772297dd6a16b_JaffaCakes118.ace
-
out.ace.ace
-
MedWingNT_04_TT TP012080202014404 pdf .exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 638KB - Virtual size: 638KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 212KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ