Behavioral task
behavioral1
Sample
b20e6288bac14414b3ff8850804fbab3_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
b20e6288bac14414b3ff8850804fbab3_JaffaCakes118
-
Size
48KB
-
MD5
b20e6288bac14414b3ff8850804fbab3
-
SHA1
be465167248beb743af46585399dd92117b0fe7f
-
SHA256
c0523ff861e281448d42de2399a44aa3de400e5435414ea14eadf428a68c3b20
-
SHA512
f9338ff4ef56bb484f26c786c67d733ec516200118b62f33c6f3854fbd46c46c3585ef989ffd8478e8760978bc0b32cb246580d48c8dfb3f338e0138e43159f7
-
SSDEEP
768:Ca6aOnbto3vB4Au9Iy0M83iJRdSJUElzWdPZM4R5txNiRrKKgRBg:Caeia2V1aSJUE8coWRrKKgRBg
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource b20e6288bac14414b3ff8850804fbab3_JaffaCakes118 unpack001/out.upx
Files
-
b20e6288bac14414b3ff8850804fbab3_JaffaCakes118.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 64KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ