C:\Users\Amani\Desktop\Multi File Binder\multi file binder stub\Backup\multi file binder stub\obj\Release\DZ--DZ.pdb
Behavioral task
behavioral1
Sample
3a819e1ce4c18ecce8115195043a0c50_JaffaCakes118.exe
Resource
win7-20240705-en
General
Target: 3a819e1ce4c18ecce8115195043a0c50_JaffaCakes118
Size: 194KB
MD5: 3a819e1ce4c18ecce8115195043a0c50
SHA1: 462f26db8f151bb0f77882ca788f864c7f767aa6
SHA256: 3e97b2fc541b3a23e2fb612f7b272a9619b25cd446e288bbb0a4c94944712513
SHA512: 786ece052f1272062cfe060a9e06ec3b8381f8e79c0ec433d5193a928b63c32fa4611f3eaa1befb4d27957b431af0addd9a6456ffba6e88b6daa2f95b74fdd3a
SSDEEP: 3072:L3gbjAOEY4TjVzg8252TDH+U0p+Cjey9NxOjCzYsKF8ttY8QoQAEJ0by:T+81Y4TZg8ZH+U0hj19NxECzYBKMq/u
Malware Config
Signatures
Detect XtremeRAT payload 1 IoCs
Processes:
resource: sample - yara_rule: family_xtremerat
Xtremerat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: 3a819e1ce4c18ecce8115195043a0c50_JaffaCakes118
Files
3a819e1ce4c18ecce8115195043a0c50_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 169B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ