Behavioral task
behavioral1
Sample
b12b6f56f0f88360c682da18a09db322_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
b12b6f56f0f88360c682da18a09db322_JaffaCakes118
-
Size
10.3MB
-
MD5
b12b6f56f0f88360c682da18a09db322
-
SHA1
0cace4361b470a9c97d40371f3457944a696534b
-
SHA256
ad682d252ef342cdeb2c063acfbb237afdd15346e91b909ee01c8919336de5c1
-
SHA512
2ab8f6a07bd27123c4202b9a13ea76453d7977da59c1acffc3ca176d3dde7a0bd754ee932ba0ff4c4986aabbd2234f9fb6b455627e0717dfff9a6f7e5b2aeeec
-
SSDEEP
196608:GzS45SPOMeSqMUd5p2FBP2AoyTeJo1gCsu5yvFIr+X01dhwK3sz/wtGOtsKoK+ar:uxEOCUd+vHeJEfh5yvFq+E1fwPzZOSNA
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/out.upx
Files
-
b12b6f56f0f88360c682da18a09db322_JaffaCakes118.exe windows:4 windows x86 arch:x86
Code Sign
24:36:7b:1b:33:38:dc:ab:4f:c6:52:01:ad:27:c6:beCertificate
IssuerCN=DetectMe :)Not Before26/02/2011, 11:26Not After31/12/2039, 23:59SubjectCN=DetectMe :)38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
80:ae:ff:37:26:12:0d:bc:c0:58:06:76:c0:58:9f:60:33:b8:4e:89Signer
Actual PE Digest80:ae:ff:37:26:12:0d:bc:c0:58:06:76:c0:58:9f:60:33:b8:4e:89Digest Algorithmsha1PE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 588KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 637KB - Virtual size: 640KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 939KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ