Static task
static1
Behavioral task
behavioral1
Sample
Terminator Resistance Promo.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Terminator Resistance Promo.exe
Resource
win10v2004-20240508-en
General
-
Target
8df57f64da6faa3eeb50caecc8b2895b_JaffaCakes118
-
Size
5.6MB
-
MD5
8df57f64da6faa3eeb50caecc8b2895b
-
SHA1
acb4730819649e56224b1edb539fe3152a44d4ba
-
SHA256
5fe76cc7e22b4b79f1a46e0181531e89a2e2029de1532a92a255560917bcdffd
-
SHA512
8e2c0e6320b5a5fa327ef6342d643a5e8a6565ed136fd27e217a60cc7e6de35f1034c0f911d9af032bc3591be72ffee19d45435aab01cd5a23861190cdc81971
-
SSDEEP
98304:28o+FDCD/yCIQF7TlSBKfs7dahRvun+a0WUIT3PY5ZhumG5OhM/Hi12v7kbzRGJI:Vo+FCDqCR7TliKfsahZ2+2LNmIWM/HEJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Terminator Resistance Promo.exe
Files
-
8df57f64da6faa3eeb50caecc8b2895b_JaffaCakes118.zip
-
Promo Trainer Notes.txt
-
Terminator Resistance Promo.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Exports
Sections
Size: 41KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 18KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1024B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2.4MB - Virtual size: 12.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE