Behavioral task
behavioral1
Sample
79e6cc28e0963624948eb30a0d186e18_JaffaCakes118.exe
Resource
win7-20240705-en
General
Target: 79e6cc28e0963624948eb30a0d186e18_JaffaCakes118
Size: 367KB
MD5: 79e6cc28e0963624948eb30a0d186e18
SHA1: 6f2ea39a768a353fbc274bb23b08f017cd063e6f
SHA256: 7ee15a666207cba86b1693f32ff79b40b0e45a3fca3ef47b46cb61a9c41d9f9d
SHA512: fbb11d97af83fd50137bce2f0a322a558f4cd02bc2d58650bc65a295a1fe17cde7d8df65279aa75dc2eb02bc4d3bacfaff5742440c0ec882d1ed919fbc2e7fec
SSDEEP: 6144:Uo6mAeSeYD5An7Xu8UjsTPH1g3E6mvyiw7/+nx9b7r+oBGFQ04CQskrFLofmE:uChYWnK1EPH18E/vyN+DXIQ7JLofmE
Malware Config
Signatures
Processes:
resource: sample, yara_rule: upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: 79e6cc28e0963624948eb30a0d186e18_JaffaCakes118
Files
79e6cc28e0963624948eb30a0d186e18_JaffaCakes118.exe windows:4 windows x86 arch:x86
c92746cd3b69c56e5c4ed6d3f9854fa1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
VirtualFree
VirtualAlloc
FreeLibrary
VirtualProtect
GetLastError
CreateMutexA
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
user32
MessageBoxA
wsprintfA
Sections
UPX0 Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 353KB - Virtual size: 353KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ex_cod Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ