Behavioral task
behavioral1
Sample
8308a7cd1ed678bc1918a9e6fc60c872_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8308a7cd1ed678bc1918a9e6fc60c872_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
8308a7cd1ed678bc1918a9e6fc60c872_JaffaCakes118
-
Size
11.4MB
-
MD5
8308a7cd1ed678bc1918a9e6fc60c872
-
SHA1
49681fc97a6ec73deeed7bc5287d41088dcfdb91
-
SHA256
02ca5f8958e04084d6416f27e3d71104b3b857438ed9b4328aa02e199cfd4740
-
SHA512
82bc95403b5d31b5038474f96af03572187939789d674dab4b7fdbea1ae270a8d996cc1d7cff4f412ae3fa85f92e501668d7b48b96666cee8c506d7c130fbe72
-
SSDEEP
196608:1/umt2s4TUsOnXwt2mchyBpFgKx1c4NgAjN:1mjs4TUsOnXy2geMR5
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 8308a7cd1ed678bc1918a9e6fc60c872_JaffaCakes118
Files
-
8308a7cd1ed678bc1918a9e6fc60c872_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
m>E\(! Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 6.8MB - Virtual size: 6.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 366KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ