Behavioral task
behavioral1
Sample
c1e82a06eadb9b6f49ba66279020b08d_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
c1e82a06eadb9b6f49ba66279020b08d_JaffaCakes118
-
Size
567KB
-
MD5
c1e82a06eadb9b6f49ba66279020b08d
-
SHA1
3f8af8b614efeb6c07efad826c4d0d0492f1f0e2
-
SHA256
d2670444d77b43702634ceff4a4b5e89a044367e9945a24c59636a86b9fb6656
-
SHA512
19f181543ad8a92b7a50be2a3da14ae9a907037e45e67a02d09e176e059c47e54ffa1977a0aeb23dadaa608cc076a444bdd29fcb9f04c1e2ff5759806dd89ef7
-
SSDEEP
12288:xUbNoAj6gI1RbdSLMj6D+rmvqmu6paH9kVa82lvhDFzh0NQAXc:xsLI1RbMT+ydpA9kVa82lvhDFyJ
Malware Config
Signatures
-
resource yara_rule sample aspack_v212_v242 -
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c1e82a06eadb9b6f49ba66279020b08d_JaffaCakes118
Files
-
c1e82a06eadb9b6f49ba66279020b08d_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 16KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 57KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 488KB - Virtual size: 744KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.aspack Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE