Behavioral task: behavioral1
Sample: f5d205ff3db93a1610157f8c28a03260_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: f5d205ff3db93a1610157f8c28a03260_JaffaCakes118
Size: 5.7MB
MD5: f5d205ff3db93a1610157f8c28a03260
SHA1: 1316b0d1fab4d98cbb4a93fa5e292e9af7835a0f
SHA256: b1b7c188ca82b9e24d49e3564c4a36468c933f839c517c8def5fde0c03b2d8ea
SHA512: ba483d2156a4d1a55a8850dd80a269c2965b51018c837556574e7d456f9ec2110cd43f3c67178830b5f1bb25695c5237adeebf8a7815e314e3a856931a2d7a9c
SSDEEP: 98304:NY3mkrzGhjbedgtvo+WjIQFYOpl4WuQnbEvJDMDfhGeq0M62WET6Au:u31zG1bedgtvBtipuQbCJDGZkZPWET67
Malware Config
Signatures
resource yara_rule sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f5d205ff3db93a1610157f8c28a03260_JaffaCakes118
Files
f5d205ff3db93a1610157f8c28a03260_JaffaCakes118.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 170KB - Virtual size: 388KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.0MB - Virtual size: 10.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 613KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE