Behavioral task: behavioral1
Sample: 29d9ea42495e90a9e5c69945f7bf6d6c_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: 29d9ea42495e90a9e5c69945f7bf6d6c_JaffaCakes118
Size: 2.9MB
MD5: 29d9ea42495e90a9e5c69945f7bf6d6c
SHA1: c24f0661f494325445af1555cd3f01b358455ec9
SHA256: 3e22037f99379208fbf50995fcb877642257e8c19355fdd1890df404aa432715
SHA512: 9c4116f2da26f7bbbc74cc1a18b3811f9d4ffc6e2962fa1a1707011896a98d05acb67287d145145090c222da9bf3e977c1420afafb66d5ff35b4e39614273212
SSDEEP: 49152:xFwCPBfDI71stuiJofmGrg8S2HmRCl6QeVhIgEGP6Ik:xC+tI71nq/Gr/HmRAfgEG4
Malware Config
Signatures
Processes:
resource: sample - yara_rule: themida
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource: 29d9ea42495e90a9e5c69945f7bf6d6c_JaffaCakes118
Files
29d9ea42495e90a9e5c69945f7bf6d6c_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 81KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 911KB - Virtual size: 911KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ