Behavioral task
behavioral1
Sample
e097a85720344a68f25703e6be812aa6_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: e097a85720344a68f25703e6be812aa6_JaffaCakes118
Size: 1.2MB
MD5: e097a85720344a68f25703e6be812aa6
SHA1: b859edd8a06c78024460b435596f80b794db6ce3
SHA256: adcf88a252ff80ddbf360464adbba85157b79ddeb47ba2e6691182e55da26991
SHA512: bb011747c5ec769303d0b0e722abd24b8bed06b9d533c85fb211ec17dccfb3dc523cdd06b1df8700cdf63351c66a01c42d742bb340a463e7d5cafa67c1f3d4c3
SSDEEP: 24576:GZh0Yob5FEqb/RwSDXnvK9hjj+aEk0bJ8KZfeJHEPabMZOkl0:GZh0L//9D3vK9hjmbeFEPLOP
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e097a85720344a68f25703e6be812aa6_JaffaCakes118
Files
-
e097a85720344a68f25703e6be812aa6_JaffaCakes118.exe windows:4 windows x86 arch:x86
2903cce31e90326e0f45e835221f6bc4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_adj_fdivr_m32
kernel32
ExitProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
wsprintfW
Exports
Sections
.text Size: - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mackt Size: - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: - Virtual size: 578KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp2 Size: 669KB - Virtual size: 668KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ