Behavioral task
behavioral1
Sample
27839c95f6b9e8880490863d3f2b34bf_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
27839c95f6b9e8880490863d3f2b34bf_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
27839c95f6b9e8880490863d3f2b34bf_JaffaCakes118
-
Size
200KB
-
MD5
27839c95f6b9e8880490863d3f2b34bf
-
SHA1
311903d366ce09b2de0f0cdc482c06ec7414871f
-
SHA256
3669b7a140bd6a99ab15c276044875c80b00b70a10e7813913bbba62dda20e36
-
SHA512
dc02a72d5daf6bb7213f5c8adeda92f3898bedf4a974426c5b75a34d87657e2c5b5f71be577921cf451eae2d9bdce3f3eb3fe2be2a5b77e8c6592d42ad470a6c
-
SSDEEP
3072:Hli8jd28TnTwEM7ASIKu39U10Sl+y9ewRuWsaTOSuoq0p5I8jKRb1dAW:Hlico2wnMSny0XMWsiODopRj01dB
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/out.upx
Files
-
27839c95f6b9e8880490863d3f2b34bf_JaffaCakes118.exe windows:4 windows x86 arch:x86
Code Sign
1f:15:4b:70:14:b6:61:a6:4d:e6:c7:92:d3:19:56:36Certificate
IssuerNot Before22-02-2011 15:07Not After31-12-2039 23:59Subject38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
43:67:97:69:9f:97:7f:6a:59:8d:62:4b:54:c5:6d:af:b3:7f:b4:5aSigner
Actual PE Digest43:67:97:69:9f:97:7f:6a:59:8d:62:4b:54:c5:6d:af:b3:7f:b4:5aDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 356KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 135KB - Virtual size: 400KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 125KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ