Behavioral task: behavioral1
Sample: a7479f8eb619a48c370296c187c9588d_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: a7479f8eb619a48c370296c187c9588d_JaffaCakes118
Size: 5.0MB
MD5: a7479f8eb619a48c370296c187c9588d
SHA1: 32ae6d70e213f4d7257c8e23abb460e485ac3ae0
SHA256: 2fda1364086d1eee37558d96bef0c8ec0ce64b4fa73f3940e83e1a9f6de1f05a
SHA512: ffc73777ac321b49107765a0c6fe899b2cee3c3eb7d77a06447393a2b2124cd20b61369fa7439b0afeffc363de89b86316954fefac2267d5fbd95dd9d1ff6e16
SSDEEP: 49152:Nji3OxAO2Bj4rw3kDTYYk6jQLxC41beJpleIimVpSwEjbyMPGERH4n7:NjCOxAsrAkIgcLxC6OplGmbSwc+G4n7
Malware Config
Signatures
resource: sample, yara_rule: themida
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: a7479f8eb619a48c370296c187c9588d_JaffaCakes118
Files
a7479f8eb619a48c370296c187c9588d_JaffaCakes118.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 82KB - Virtual size: 21.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 874KB - Virtual size: 880KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE