Behavioral task
behavioral1
Sample
7691be33b05e755d09c7a4aabefaa919_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
7691be33b05e755d09c7a4aabefaa919_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
7691be33b05e755d09c7a4aabefaa919_JaffaCakes118
-
Size
312KB
-
MD5
7691be33b05e755d09c7a4aabefaa919
-
SHA1
287d6ac86577accf6ca73cd688b1aa20e2494c2e
-
SHA256
105827158cfd47e24d788c29297c74134d24c5cbe704fa8de425d200d6f39a4b
-
SHA512
5d308d2dfaab348a51ca02aab06c38c1b4dfec03635280012b7bad7a31012116189e970fd5c5e9598141bd5aa026dc18e874366df30d29b1cb446a40a4f20ab3
-
SSDEEP
6144:KG377xS2Vp2CeiorXhwTBN53+pcCJJvHkIoS:Zr7xS2Vp6FwTAbJJvHjoS
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7691be33b05e755d09c7a4aabefaa919_JaffaCakes118
Files
-
7691be33b05e755d09c7a4aabefaa919_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 105KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE