Behavioral task
behavioral1
Sample
2854e9e5e2a0f5b574342369a3bfe379_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2854e9e5e2a0f5b574342369a3bfe379_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
2854e9e5e2a0f5b574342369a3bfe379_JaffaCakes118
-
Size
196KB
-
MD5
2854e9e5e2a0f5b574342369a3bfe379
-
SHA1
e777573f51078e708926dcc0ee5da31ffa0b55bf
-
SHA256
2a3bf4305468e320cc62fcefc23fb056237c8739f31838e27114eca9c912e396
-
SHA512
a5ea8ef669627dddfcf91d4745bfaadc379a10b9f20d32ac955bf5978ad67a72bbcf33697a02b17638c25f98168d018e86f23e51e423692aac8ae70724c44a17
-
SSDEEP
6144:jUnzFF2S9eRo5mIlZMATk72l9xfgb33egP1L:jEFoS8WmIQAA7C9RO1L
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/out.upx
Files
-
2854e9e5e2a0f5b574342369a3bfe379_JaffaCakes118.exe windows:4 windows x86 arch:x86
Code Sign
75:4a:c1:04:f6:2e:f3:bc:45:74:91:39:0d:13:39:73Certificate
IssuerCN=Avira GmbHNot Before10-02-2011 18:10Not After31-12-2039 23:59SubjectCN=Avira GmbH38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:24:b8:94:a6:6c:a0:db:a5:9a:0b:37:b5:0a:c4:64:6a:7a:b0:f7Signer
Actual PE Digest11:24:b8:94:a6:6c:a0:db:a5:9a:0b:37:b5:0a:c4:64:6a:7a:b0:f7Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 312KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 188KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 183KB - Virtual size: 400KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 482B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ