Static task
static1
Behavioral task
behavioral1
Sample
jcwb57.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
jcwb57.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
新云软件.url
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
新云软件.url
Resource
win10v2004-20240802-en
General
-
Target
dd48d873fa575a2067e93d0eb18b9d5c_JaffaCakes118
-
Size
1.2MB
-
MD5
dd48d873fa575a2067e93d0eb18b9d5c
-
SHA1
259ed5e2779abfe4cb053a50d2cb6c94b4077c0d
-
SHA256
7f5fe12dc6004254f425f4382549a5fe3b6ded71feebe12fecf7fb6746f4f517
-
SHA512
71e5fbbbf4b2862ec530e42454ce1044db717623e4165a90eb823f0b2f8c1100e35e95821c7bc6af430e9926ee986d1872bd834e5c46015f5a06f35078b037c2
-
SSDEEP
24576:xMKT8pPyeytKqnX9WdpS34xO/Q66VHuLQcxXhTBAxn1/hoxPZU+tAVH8ZCJkLc:xMKQ9yXHX9ypS34xf+XpB0hoxRU+GR8g
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/jcwb57.exe
Files
-
dd48d873fa575a2067e93d0eb18b9d5c_JaffaCakes118.rar
-
jcwb57.exe.exe windows:1 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 584B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
新云软件.url.url