ServiceMain
Static task
static1
Behavioral task
behavioral1
Sample
infected/pack[1].exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
infected/pack[1].exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
infected/pack[2].exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
infected/pack[2].exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
infected/zip.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
infected/zip.dll
Resource
win10v2004-20240709-en
General
-
Target
5ffa7d4900d7521b912580e7f1b2e8eb_JaffaCakes118
-
Size
170KB
-
MD5
5ffa7d4900d7521b912580e7f1b2e8eb
-
SHA1
6cbb26facb9d293d0c334c939c622c5b26b060a6
-
SHA256
de225d4884a2f55fad897ea4a8739bf3a45bf101e7e6ebd0beec119143af7255
-
SHA512
8dd3a8ea848ebc44a8f474b843cb178dbb504ba435f2d6b8dc2116466fce207d1c29c02163d9dbd8d739354d844b226374af6353f7f661d1d15dd1bf27e9f553
-
SSDEEP
3072:9c8Aqe95vCRaPtTBfzHeBBrF8V+wTC9TFe:9vANz5PtTBLHi5Q+wO9TFe
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule static1/unpack001/infected/zip.dll acprotect -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/infected/pack[1].exe unpack001/infected/pack[2].exe unpack001/infected/zip.dll
Files
-
5ffa7d4900d7521b912580e7f1b2e8eb_JaffaCakes118.tar
-
infected/File.txt
-
infected/pack[1].exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 632KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
infected/pack[2].exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 632KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
infected/zip.dll.dll windows:4 windows x86 arch:x86
fdbfec85672f73d2a4d49635454936d4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess
user32
MessageBoxA
Exports
Exports
Sections
.text Size: 25KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 542KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.perplex Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE