Behavioral task: behavioral1
Sample: 700a117ce921dc8d7339c7d7759846c1_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 700a117ce921dc8d7339c7d7759846c1_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 700a117ce921dc8d7339c7d7759846c1_JaffaCakes118
Size: 870KB
MD5: 700a117ce921dc8d7339c7d7759846c1
SHA1: 561dd8d0637b39e3b1ab3995de14462857379af0
SHA256: 6ef91a8a673d68953b762d1d8a3aa763575b01da983c79d86461d8598cd77509
SHA512: fd6c9ff8adc7d8e62d9e3d66ceee06c4ad0e8788b408ae8c1f7c9bd5abf646dfe70efccd48034ce59aa9b4ed62177e8e3f862dbec371668536e3a50da8aae009
SSDEEP: 24576:ftqFdk7Uxc4lU6HaWfnj23LE/lGyy9716tEg7pkycWH/zGzMCE:ftqFu7cc4lU6HaWfnj2wtGyoupky/7X
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 700a117ce921dc8d7339c7d7759846c1_JaffaCakes118 unpack001/out.upx
Files
-
700a117ce921dc8d7339c7d7759846c1_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 842KB - Virtual size: 844KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 312KB - Virtual size: 308KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ