Behavioral task
behavioral1
Sample
00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118
-
Size
733KB
-
MD5
00c08bf1d9a92bae9e38cb16864e5a30
-
SHA1
ce7756f9c23eeb86297de4ab59318397289db8db
-
SHA256
440b81055de0d438e7ae2e6b7a8d8105c0a99ee53d5069456a31188e4e5659e3
-
SHA512
fe9eeb25beeaa7953474ca5610b2469db10bb886453306a247d9eb7c1bc3bc0271c9099145931459b5bab631a016e0cfd24c831fb15ef739609928e7e5ea5b91
-
SSDEEP
12288:o9nTQAiVtuiwlF4w+dGnS0LzPgm8cryDYTS7+W+JipxdWwaH3UqCILs9:o9nNMmlyeS0LzgsryuS7+WH1xx
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118
Files
-
00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 500KB - Virtual size: 500KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 20B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ