Behavioral task
behavioral1
Sample
0c657e6dd97e5f4aaaed74c653fdb606_JaffaCakes118.exe
Resource
win7-20240611-en
General
-
Target
0c657e6dd97e5f4aaaed74c653fdb606_JaffaCakes118
-
Size
1.4MB
-
MD5
0c657e6dd97e5f4aaaed74c653fdb606
-
SHA1
2d26fd5164c67105030373b182282c32dc055fc2
-
SHA256
9a9c61362b64b9e5f0e448f93f0adddad106b8e0cc78f8e276f8af635554953b
-
SHA512
3fb3003cbd83b480d7412c3108726740b6a8a4b951d95e32354ef4be33643c5311251a87bdf2acb63cb05d1cf51f20adf5c8411876801dbcad1c3871fb390507
-
SSDEEP
24576:Ud474mf6MIy8ExsJI7Sza2IJIZgYev+mClx8GTOk4Pc+SBbMBCW:UOPf5IylOi7J38wvw8jTSBbqCW
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0c657e6dd97e5f4aaaed74c653fdb606_JaffaCakes118
Files
-
0c657e6dd97e5f4aaaed74c653fdb606_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 1.1MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE