Static task: static1
Behavioral task: behavioral1 (Sample: Keygen.exe, Resource: win7-20241010-en)
Behavioral task: behavioral2 (Sample: Keygen.exe, Resource: win10v2004-20241007-en)
General
Target: 546c4a70f68af62972020128eaf2001b_JaffaCakes118
Size: 1.8MB
MD5: 546c4a70f68af62972020128eaf2001b
SHA1: b6fbc8ed3cc3e1613d60096bbe5f11f224c0e8ff
SHA256: d7af5375c885a56fbff7d4b11463e2868d2270779910e2309ef5876901f043cd
SHA512: 30b7e42512400645d29794558ec294e182a1f13a6d279901ffa324a539244da059e49ef6e0676cf867acd23de27bd4839b12b4fe3c913fc77109423bcddee076
SSDEEP: 24576:kSbYHN6tXjGBKbC+cJC3FszTLNajV5IzO4iF+DOv6NYcVFsQoqCM1c0064qpcs:kS8E8Kb3N+aB5I64t6S4Qvxp4ql
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: unpack002/Keygen.exe
- NSIS installer (1 IoCs)
  resource: sample, yara_rule: nsis_installer_2
Files
- 546c4a70f68af62972020128eaf2001b_JaffaCakes118.rar
- Keygen/Info.txt
- Keygen/Keygen.rar.rar
- Keygen.exe.exe windows:4 windows x86 arch:x86
820ab24e53af2dbafc74d24f87e40262
Headers
  File Characteristics
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  user32
    MessageBoxA
  comctl32
    InitCommonControls
  kernel32
    LoadLibraryA
    GetProcAddress
Sections
  .petite Size: 7KB - Virtual size: 12KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .petite Size: 1024B - Virtual size: 4KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .petite Size: 512B - Virtual size: 76KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc Size: 34KB - Virtual size: 68KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .petite Size: 21KB - Virtual size: 21KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
- Keygen/maze.nfo
- Keygen/skipUpdateAtStartup.reg
- www.VatanDownload.com.jpg.jpg
- www.VatanDownload.com.txt