Behavioral task
behavioral1
Sample
00679602a0446366355aac32bd5840c3_JaffaCakes118.exe
Resource
win7-20240508-en
General
-
Target
00679602a0446366355aac32bd5840c3_JaffaCakes118
-
Size
286KB
-
MD5
00679602a0446366355aac32bd5840c3
-
SHA1
7948c6ee020f2c4dfad8811cc9acfc36d70e20ed
-
SHA256
c955124f61f85b283964e57963312603dbb450266973f3d1af7ccad129fdeaa4
-
SHA512
a6096613d3f2a343490b0750e6c79e35148591eeca61806830839d55d99528b72168a68c7141118f31cbdc1bd9e1e25748ca74d30a02507c967f2cb0381e4226
-
SSDEEP
6144:Pe4eace0srt++Y40DTiz8OGpXzjlUNSuh7TsbZVZiM0p:m4e5sR++YTDTizvAMSuZUZVkN
Malware Config
Signatures
-
Processes:
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Processes:
resource 00679602a0446366355aac32bd5840c3_JaffaCakes118 unpack001/out.upx
Files
-
00679602a0446366355aac32bd5840c3_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 28KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ