C:\Users\Dr-West\Desktop\Root Dr West\Root Dr West\obj\Debug\Root Dr West.pdb
Behavioral task
behavioral1
Sample
c3d653a38cd427d3af1e149d12d167e3_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
c3d653a38cd427d3af1e149d12d167e3_JaffaCakes118
-
Size
649KB
-
MD5
c3d653a38cd427d3af1e149d12d167e3
-
SHA1
ac73bfb575e30d88eda10251c2d32004fe832120
-
SHA256
b2a8ad63f2f68bbdfd64157ff209a6ee86850b08e5f2b6f4836250a0d70a67d5
-
SHA512
36dcd0254d13d1a2fb436fec22bb01edbadb9a4d6622d2034feac58af7fde81409376847f02f185562cd4b4720f0dc4fa6d17eff77bf74068be294994ea8cb05
-
SSDEEP
12288:uiuRp5Kr9ni3RJLKLRuMEY16hQoCE4Os0KQWVpnW2iN:VQ3fWkMEYgGNDQW61
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource c3d653a38cd427d3af1e149d12d167e3_JaffaCakes118
Files
-
c3d653a38cd427d3af1e149d12d167e3_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 635KB - Virtual size: 635KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ