Behavioral task
behavioral1
Sample
e17f8d9173fd5f30705ba184883b6163_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
e17f8d9173fd5f30705ba184883b6163_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
e17f8d9173fd5f30705ba184883b6163_JaffaCakes118
-
Size
144KB
-
MD5
e17f8d9173fd5f30705ba184883b6163
-
SHA1
ac10dc8e92306d65f6bc4052392dac409083e64e
-
SHA256
23e637f7f022adc41d60825756ce07ab14384c8adf3a8ef59bcb05a1f7f94cfe
-
SHA512
7928e259a025d3a2be88efc75ca20b20b52397f4979af63157631801615651b79d1b7509725ea55e682d07966a739827cdc37d65f708a93737f611439e3694f1
-
SSDEEP
1536:YCqlwmQJn6NAooqurT0GQi9SLk+3/n+P8UdNMyZ0QGM6:UIo+/9SQS/y8MeyZRI
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e17f8d9173fd5f30705ba184883b6163_JaffaCakes118
Files
-
e17f8d9173fd5f30705ba184883b6163_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.Upack Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE