Behavioral task
behavioral1
Sample
6cde50643d89d85e47103cb2d55a7985_JaffaCakes118.exe
Resource
win7-20240705-en
General
-
Target
6cde50643d89d85e47103cb2d55a7985_JaffaCakes118
-
Size
440KB
-
MD5
6cde50643d89d85e47103cb2d55a7985
-
SHA1
1b24244387df10bd7c247f2a7c03cebb13a1924e
-
SHA256
69faf79122e5c4c0e6aaa331acf207ed46c7ece34f0bcd891c3014e81c2bba5b
-
SHA512
96409bb56fd0286c00349ccec63d9cb4d28d82d5f7604afe6e700d1589d8de7ed18e850bbdfc21ea619451b2792892b1b8206ae9616754ec8f0eedc00ee8019b
-
SSDEEP
6144:CEK25f5ySIcWLsxGYW4DYM6SB6v+qLnAzYmhwrxcvkzmSOp:CMpASIcWYxsU6hAJQn
Malware Config
Signatures
-
Urelas family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6cde50643d89d85e47103cb2d55a7985_JaffaCakes118
Files
-
6cde50643d89d85e47103cb2d55a7985_JaffaCakes118.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 377KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 50KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE