Behavioral task: behavioral1
  Sample: 1035e23704a68fc868de74a0af5a0159_JaffaCakes118.exe
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: 1035e23704a68fc868de74a0af5a0159_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
  Target: 1035e23704a68fc868de74a0af5a0159_JaffaCakes118
  Size: 1024KB
  MD5: 1035e23704a68fc868de74a0af5a0159
  SHA1: 1cb530368bd09d7fd5ce92d523501f6541c30f3d
  SHA256: 86143a2e696b5a662d044936b8105ee7dd44425dc35aa18e130c332347249d3e
  SHA512: 799650a3e9a4824668e72045cdefcddb9fc0ad1cbdd253c922d88d22244a7ae27ee480d7d6a70f4b85bb6278c5a71cf9bf5e402cd63ba209f2bbedcd6a8a2ebf
  SSDEEP: 12288:emqbxMhh9oqJKb3HBHVh2GUdyTAZmPSdotvl0XQqCeDUPnnic9bzDAPJRdgM1:pqbohPJKzB1hZXTAZqAovlj6U7wbJ1
Malware Config

Signatures
  R77 family
  r77 rootkit payload (1 IoC)
    Detects the payload of the r77 rootkit.
    Processes:
      resource: sample    yara_rule: r77_payload
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    Processes:
      resource: 1035e23704a68fc868de74a0af5a0159_JaffaCakes118
Files
  1035e23704a68fc868de74a0af5a0159_JaffaCakes118.exe    windows:4 windows x86 arch:x86
    Headers
      DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
      File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
    Sections
      .text   Size: 1.4MB   Virtual size: 1.4MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      .rsrc   Size: 1KB     Virtual size: 1KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .reloc  Size: 512B    Virtual size: 12B     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ