Static task
static1
Behavioral task
behavioral1
Sample
payment_copy.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
payment_copy.exe
Resource
win10v2004-20240802-en
General
-
Target
ef23576ed90e4d18cd3a63bb25a61cd6_JaffaCakes118
-
Size
493KB
-
MD5
ef23576ed90e4d18cd3a63bb25a61cd6
-
SHA1
fed2b51488c9991b815d2a23bcd53ccbc1bce8b5
-
SHA256
cd0bc188c3dc9db6dfe172f741057a0b125fc5929c918e5bf6da9db4f25a5965
-
SHA512
a3ed94b810c097d8420c652e4a95df3c47e306b8a7d8b09a30b3925936fe0e985a4262bfabd4c2b4ff7d3b0509ad23643722f07cac880d69d9a90ec930591e58
-
SSDEEP
12288:Sti1Prit+ApkT0CZKE+9W/Y32pAIao3xooe/T8iMSpN:HqPk4CAWo2pl332oe/QiMSpN
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/payment_copy.exe
Files
-
ef23576ed90e4d18cd3a63bb25a61cd6_JaffaCakes118.zip
-
payment_copy.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 449KB - Virtual size: 449KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 424KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ