Behavioral task
behavioral1
Sample
f0a9752524d462b9798aaa28b67804e6_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
f0a9752524d462b9798aaa28b67804e6_JaffaCakes118
-
Size
3.1MB
-
MD5
f0a9752524d462b9798aaa28b67804e6
-
SHA1
26323476c2cbb47c9d36ac160a994dd6a70cc355
-
SHA256
1cbb4a1c0c361b15ccb6500da0aca19aa7adc3b1548bc16be8102b5998167fb4
-
SHA512
5c38a5b1628a751ea7c18563a3376b7da89adc0503115e2cc4d03322106f8bf4d6127f6519e2b2a4633fdf9571f12e6aa8f62c7f7c6b165d932ded85efe2d5ff
-
SSDEEP
49152:6uHZ8jCW9vInrSJyZ/jfaTj3dTYlxwvP0ICT9IaWuqdnMj1JFwK:t2mWNInfDx6cbT9IaWdy7
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f0a9752524d462b9798aaa28b67804e6_JaffaCakes118
Files
-
f0a9752524d462b9798aaa28b67804e6_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 101KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 924KB - Virtual size: 924KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ