Static task
static1
Behavioral task
behavioral1
Sample
f9daef097427637a4083ae60bbc8459d_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
f9daef097427637a4083ae60bbc8459d_JaffaCakes118
-
Size
512KB
-
MD5
f9daef097427637a4083ae60bbc8459d
-
SHA1
9850d1be79b6090009aa6665cb7f25b2e070aabb
-
SHA256
869ac9923bff590a255e20b12e5f923d010f7a23f3c4016d3f1411170ee550fd
-
SHA512
44970c912afe47f19e707aeb3f1ba92dc7b0002989fa48b80aafb9ec268f12efeb139af51162b706096822a1daeb2343227977dd83c47373b6f1c350e9459f57
-
SSDEEP
6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6/:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5Q
Malware Config
Signatures
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule sample autoit_exe -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f9daef097427637a4083ae60bbc8459d_JaffaCakes118
Files
-
f9daef097427637a4083ae60bbc8459d_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 399KB - Virtual size: 398KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 35KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ