Behavioral task: behavioral1
Sample: xf-adesk2012x64.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: xf-adesk2012x64.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: 最牛的单机游戏下载网站.url
Resource: win7-20240903-en

Behavioral task: behavioral4
Sample: 最牛的单机游戏下载网站.url
Resource: win10v2004-20241007-en

General
Target: 54658219640144a5aa745b09d813d07d_JaffaCakes118
Size: 257KB
MD5: 54658219640144a5aa745b09d813d07d
SHA1: b81b35b876a402530c5b3c9022d81293e7f07ffd
SHA256: 4f73cb87443784e1f1dfaa1475c43f93002513641ab34e534a7fd853710f658f
SHA512: 62c25660720a83d6a101d14cb12d8d80ac2264d7c91fd7ff461322fb609846acd61b1d65d823ae55799e83910290f8a6bc4c04a0dd57479518605ee168a99163
SSDEEP: 6144:HQQAnxuCRYPEXdQJwVC3QzPokMe6DkW+4myRwpDXPFMaVMQ58:wUCRvV2QzPDj/aRw5XPFMaN8
Malware Config
Signatures
-
resource yara_rule static1/unpack001/xf-adesk2012x64.exe upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/xf-adesk2012x64.exe
Files
-
54658219640144a5aa745b09d813d07d_JaffaCakes118.rar
-
xf-adesk2012x64.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 484KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
最牛的单机游戏下载网站.url
-
注册软件.reg