Behavioral task: behavioral1
Sample: 5fde8ea80e908712a8c0bfa39d58c6c1_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 5fde8ea80e908712a8c0bfa39d58c6c1_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5fde8ea80e908712a8c0bfa39d58c6c1_JaffaCakes118
Size: 3.1MB
MD5: 5fde8ea80e908712a8c0bfa39d58c6c1
SHA1: 06c9a065aa00bb2e4f41106f42bc5d0f73e6c750
SHA256: 7bdc86448b1c24cc9afa1a57be3d4bff41cb1f3be3b8ea0fb279f3aa192ae801
SHA512: 03b454818aaecb2d38c5a9d940f9b46c4cb400e917079eb67def6f3280444f8571da3189da02d93123dae3d399fcd3dea38991fb3f051b07227216a801a4418e
SSDEEP: 49152:uw0O3gAszr0zvHjuZFEQCpmg5ujWz5qv5e8R5eV/dmjl/UQnBtvAD5BDLr:uwBgvMFLGhvtR5eV/wR/dLvID
Malware Config
Signatures
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5fde8ea80e908712a8c0bfa39d58c6c1_JaffaCakes118
Files
5fde8ea80e908712a8c0bfa39d58c6c1_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 497KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 11.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 1.2MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE