Behavioral task: behavioral1
Sample: 81d67967b68cbdad6fc3c852d91244ce_JaffaCakes118.exe
Resource: win7-20240705-en
General
Target: 81d67967b68cbdad6fc3c852d91244ce_JaffaCakes118
Size: 81KB
MD5: 81d67967b68cbdad6fc3c852d91244ce
SHA1: 1e83a61ba6d4eedd15aa47665a3950b5e54d672b
SHA256: b4639dd586aee3f3cd5514ea37f0be9600d54653247a7ef7a9742dd2ef34ef44
SHA512: 528df176e3575617371382a029edcb1c6d33b1910ea23498db6a98328ae031f4f3d88f27d3b7d1f69c95bb6744b88c728f7aa69b80afe65bf1e1a2e65512d28a
SSDEEP: 768:/Tn5sDPXmRKddQy0kyKWaO2Xh2Yc+CW08x6:/La8KEqWAXbc+Cz8x6
Malware Config
Signatures
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 81d67967b68cbdad6fc3c852d91244ce_JaffaCakes118
Files
81d67967b68cbdad6fc3c852d91244ce_JaffaCakes118.exe windows:1 windows x86 arch:x86
d6d7818b254585f1d859cd7269147881
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
SuspendThread
RegisterServiceProcess
CopyFileA
ExitProcess
GetCommandLineA
GetCurrentProcessId
GetCurrentThread
GetTickCount
GetVersion
GetWindowsDirectoryA
advapi32
RegSetValueExA
RegOpenKeyExA
RegCloseKey
Sections
UPX0 Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE