Behavioral task
behavioral1
Sample
BidDefender2011TR/Box_BD2011.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
BidDefender2011TR/Box_BD2011.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
BidDefender2011TR/internet security serial, full software-mediafire download.url
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
BidDefender2011TR/internet security serial, full software-mediafire download.url
Resource
win10v2004-20240508-en
General
-
Target
0de0c6b4ad95f5864e1c294527be6201_JaffaCakes118
-
Size
435KB
-
MD5
0de0c6b4ad95f5864e1c294527be6201
-
SHA1
4ba37cb79fe002bf4142f3233ef0f12c30754747
-
SHA256
c5c96eec4d6a6156c0d575b957d0f95b8ed5f165203432b896e18adc9e2d14a9
-
SHA512
b460ed2b3e35f2c53e70fc72897ae2184a46063dc0f49155880555e00f3b3d17cf996c3da9f1b68e464eaef65b1711afd7a85579b44b74d2abafd1f72ecf47ee
-
SSDEEP
12288:Zxso9DnKlgQ2QcXOpa0F635eoRP8jYLuPpSWb2mdAfthiLaQ:ZxncgQbcX1t35eopLuzb/Wfy
Malware Config
Signatures
-
resource yara_rule static1/unpack001/BidDefender2011TR/Box_BD2011.exe upx -
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule static1/unpack002/out.upx autoit_exe -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/BidDefender2011TR/Box_BD2011.exe unpack002/out.upx
Files
-
0de0c6b4ad95f5864e1c294527be6201_JaffaCakes118.rar
-
BidDefender2011TR/Box_BD2011.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 468KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 263KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 512KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
BidDefender2011TR/Read Me.txt
-
BidDefender2011TR/Trial Key.txt
-
BidDefender2011TR/internet security serial, full software-mediafire download.url.url