Behavioral task
behavioral1
Sample
40ccfa9cce6ee03a2e76c5b43614737a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
40ccfa9cce6ee03a2e76c5b43614737a_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
40ccfa9cce6ee03a2e76c5b43614737a_JaffaCakes118
-
Size
118KB
-
MD5
40ccfa9cce6ee03a2e76c5b43614737a
-
SHA1
1d994dd4315e7051042a993ab62680a7e00b3aec
-
SHA256
452b6a4906560e02175a94c1baa36ae713863f7fb1dfbd6d21d768d9af78d312
-
SHA512
87e199cf76b84ce367baecc8aeaff069176b82ee22637e750c9c9cafa622d73af63aad8abe64c3fd2ef64bd198ff4004d4901c56887d06d3471bb936b4c85e81
-
SSDEEP
3072:EdowCX6jXmo6NOvERhyXKfcou9w9E2K4bout6:sg6uGER4XicoX95oS
Malware Config
Signatures
-
Detected Nirsoft tools 1 IoCs
Free utilities often used by attackers which can steal passwords, product keys, etc.
resource yara_rule sample Nirsoft -
NirSoft MailPassView 1 IoCs
Password recovery tool for various email clients
resource yara_rule sample MailPassView -
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 40ccfa9cce6ee03a2e76c5b43614737a_JaffaCakes118
Files
-
40ccfa9cce6ee03a2e76c5b43614737a_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE