Behavioral task: behavioral1
Sample: 32d62541fff63d820b8468b7b03c2635_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 32d62541fff63d820b8468b7b03c2635_JaffaCakes118.exe
Resource: win10v2004-20240709-en

General
Target: 32d62541fff63d820b8468b7b03c2635_JaffaCakes118
Size: 31KB
MD5: 32d62541fff63d820b8468b7b03c2635
SHA1: 6c831ea0cb4a870215993e32e47569e8340e10ef
SHA256: 895148ff8d43a562a83423a201f32d97efa4fac9b519398cf3d0e95fb808b5f0
SHA512: 1565dd02c9caf13de4d0ee59b3be6f3c22c2b3125828534cd3a3a87b777c1433c94f653cc5d3791d62ed5b1024fe6f26cf791b5f1b77130ff8f775f04c873346
SSDEEP: 48:OEPRA9eRj93pYY1AmQlNYNAFPslxaZDdoFAGat2mOuduUB+mZ:nPCodAmCFpsbiJoFAGakmVwUUmZ

Malware Config
Signatures
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 32d62541fff63d820b8468b7b03c2635_JaffaCakes118
Files
32d62541fff63d820b8468b7b03c2635_JaffaCakes118.exe .vbs windows:1 windows x86 arch:x86 polyglot
9953cd58e4e8bb54fe27ccb925307efc
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_BYTES_REVERSED_LO
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_BYTES_REVERSED_HI
Imports
  kernel32
    lstrcat
    CloseHandle
    CopyFileA
    CreateFileA
    CreateFileMappingA
    ExitProcess
    GetFileSize
    GetModuleFileNameA
    GetWindowsDirectoryA
    MapViewOfFile
    UnmapViewOfFile
    WriteFile
  shell32
    SHGetSpecialFolderPathA
  shlwapi
    SHSetValueA
Sections
  UPX0 (Size: 28KB, Virtual size: 28KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .avp (Size: 512B, Virtual size: 4KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE