Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Behavioral task
behavioral1
Sample
c85e9223f39a45884260c78b0b5d45fa_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c85e9223f39a45884260c78b0b5d45fa_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Target
c85e9223f39a45884260c78b0b5d45fa_JaffaCakes118
Size
1.3MB
MD5
c85e9223f39a45884260c78b0b5d45fa
SHA1
e9b9a1d025a31a82041ab39591a02a76ced55af4
SHA256
2d0d5e5d693fc60c43558582dad0e4e3970e8ea48dd4cc617e6e970632d642d3
SHA512
46055f813d8361aa8897bd1fb6b9cb173332e57ed8c54e7c9c3748d3b301239e4b446eb6b437ccea9084815a4efecef007b3fec002a567d16b826ee1ef0b19e3
SSDEEP
24576:Oq5TfcdHj4fmbpD2q1+Vf3oVGUG5y6zl8O3uXWVpA4yozB1B:OUTsamRxMf3oVGUGfuXYAQ
Processes:
resource | yara_rule |
---|---|
sample | upx |
AutoIT scripts compiled to PE executables.
Processes:
resource | yara_rule |
---|---|
static1/unpack001/out.upx | autoit_exe |
Checks for missing Authenticode signature.
Processes:
resource |
---|
unpack001/out.upx |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ