Behavioral task
behavioral1
Sample
08e0a5cedb357b8db846b9cfa848b772_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
08e0a5cedb357b8db846b9cfa848b772_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
08e0a5cedb357b8db846b9cfa848b772_JaffaCakes118
-
Size
512KB
-
MD5
08e0a5cedb357b8db846b9cfa848b772
-
SHA1
a42adb8c9b7547bd8dc1f96d4761f737842737fe
-
SHA256
b236df93a56b0b6b4c91539ea07a34306b49a39bfc2d0dc17fabe89f435a914a
-
SHA512
fc475340c2f08d69d4ca8324cf23c4e75364036019a00e2232b52fbdd267c108bef32e5aafbc8c0d7b0d1ff35a4e4a2c924c1cee82b7ff3ef36b02c1dfecbc05
-
SSDEEP
12288:ET0/pY0TbWc+9aTMZF5nULEohodtz70ZkPQKn:W2CSbWtM4HdaEgItz70Zkog
Malware Config
Signatures
-
Ardamax family
-
Ardamax main executable 1 IoCs
resource yara_rule sample family_ardamax -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 08e0a5cedb357b8db846b9cfa848b772_JaffaCakes118
Files
-
08e0a5cedb357b8db846b9cfa848b772_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 365KB - Virtual size: 368KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 54KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ