Behavioral task
behavioral1
Sample
c07d6447080c9bcf014c68107bf65b80_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c07d6447080c9bcf014c68107bf65b80_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
c07d6447080c9bcf014c68107bf65b80_JaffaCakes118
-
Size
380KB
-
MD5
c07d6447080c9bcf014c68107bf65b80
-
SHA1
0a0602eb016efbd0fdfdab7fd1635c55f5d6de8e
-
SHA256
317b8e268463d7da7b045ae09900b57f9ec105a91f464684980d0354b012f145
-
SHA512
0da8a38b7928d6ebfcb0e2fb68c7b1c981ea6f8108daf61cb6e0160b563f0eb86bcacbc1ea6364a8a8f1f1ffc9c6f1a22fb2921126ef10fcff1ffa5cd6261235
-
SSDEEP
6144:gIyiH6muqrtUC53mlb53il481oyganYoIUZMW6QhFHPNpmdcBQzne+WOferUhYRE:gIVxuqpUC52lbdJFQYoXZMP4vNMdcyzz
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/out.upx
Files
-
c07d6447080c9bcf014c68107bf65b80_JaffaCakes118.exe windows:4 windows x86 arch:x86
Code Sign
6f:76:88:6f:1b:79:00:4f:b9:11:ab:69:21:52:e1:5dCertificate
IssuerCN=Root AgencyNot Before03/04/2011, 22:31Not After31/12/2039, 23:59SubjectCN=Ouvfajdypclmbow38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 9.1MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 370KB - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
DATA Size: 9.4MB - Virtual size: 9.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CODE Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
BSS Size: - Virtual size: 5KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ