Behavioral task
behavioral1
Sample
15ad62d680dc9a102726839e40947cca_JaffaCakes118.exe
Resource
win7-20231129-en
General
-
Target
15ad62d680dc9a102726839e40947cca_JaffaCakes118
-
Size
944KB
-
MD5
15ad62d680dc9a102726839e40947cca
-
SHA1
2c86c551936166fffa254ec476cf32819b983ee8
-
SHA256
60813671d05bc0395d22388516b95cab683d03368fdcbfa5653b4aae9f1dc4ef
-
SHA512
3060257623a248f3332f98168248a44c78829cf49d5f19ee4e5cc8dd8ec7cf506c483f4c3cfb2c8f25fb772ad31e739e1e49db15b1c1c930845caee560057970
-
SSDEEP
24576:7uNkB2n5nfgrkrknV/uGTshqQgNBIBDTIUkMBtnxDQ:r2R2WkRuhhPgNSBDpXxDQ
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 15ad62d680dc9a102726839e40947cca_JaffaCakes118
Files
-
15ad62d680dc9a102726839e40947cca_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 312KB - Virtual size: 688KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 620KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE