Behavioral task
behavioral1
Sample
2e93f494cd6dd817d3239f5a5058a252_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2e93f494cd6dd817d3239f5a5058a252_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
2e93f494cd6dd817d3239f5a5058a252_JaffaCakes118
-
Size
689KB
-
MD5
2e93f494cd6dd817d3239f5a5058a252
-
SHA1
ff4df9f506e4f8b0427b2a4aece7f2ddfedea56c
-
SHA256
55ddc6807cde2d98268421aa36e596e66d447ced755b190c01a2cefa84293b95
-
SHA512
6927d4e0fc11d3067061b728b419543ddb3028ae8fcf7dd8b726c8dda10d8d971d5916b25c787ac2d0006d5b697a55671ec43f998f5ebaa3873bb47a44624d3e
-
SSDEEP
6144:5uHOvnmy+g4g/UOPSe570Szp3b/UOPSe570Szp3/uHOJnmy+g4g/UOPSe570Szp8:gOvUOB0vOB0fOJUOB0vOB0Zlr
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 2e93f494cd6dd817d3239f5a5058a252_JaffaCakes118 unpack001/out.upx
Files
-
2e93f494cd6dd817d3239f5a5058a252_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 180KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 37KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ