Behavioral task
behavioral1
Sample
bb01dc49079b3fa2e2dcf8e54ebef30c_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bb01dc49079b3fa2e2dcf8e54ebef30c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
bb01dc49079b3fa2e2dcf8e54ebef30c_JaffaCakes118
-
Size
58KB
-
MD5
bb01dc49079b3fa2e2dcf8e54ebef30c
-
SHA1
2f9b4ca3b4f94c7458a297aaf5db36cf845f9495
-
SHA256
dfdb7d5463bd8b77e389e6b52fcb0c0936672d83d4ae648be101070d3af8feea
-
SHA512
9d998c287d0841aadc681e7a26f4c9078ce9dc5b885a33c03468316ee737390b0210da17153d36c2eb0c5dbf91c179e3ade43503a604e4ed0f375cda21a0a074
-
SSDEEP
1536:Vqex+sTpxl0qb7y1E/HshQfQv1W63f/J0ImLrF1jdV1KnI:V5x+sTpxmqb7yS/2QQY63f+IORvV1KnI
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource bb01dc49079b3fa2e2dcf8e54ebef30c_JaffaCakes118 unpack001/out.upx
Files
-
bb01dc49079b3fa2e2dcf8e54ebef30c_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 128KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 55KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 164KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ