Behavioral task: behavioral1
Sample: 55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe
Resource: win10v2004-20241007-en

General
Target: 55522c1da2cf9392d2258d90652114d2_JaffaCakes118
Size: 1.3MB
MD5: 55522c1da2cf9392d2258d90652114d2
SHA1: 1188ef67038c2f14a754d89e994658ca716505bf
SHA256: b860589bc0c02e342d327a5be7a3cfe78f65f4ed0f67d06d6caa204b276add87
SHA512: e68442753ef81c446f3a4a88e14fefee1302bf33c193018fa8432cd9a15c6d9f0bdb660dc9f5a029732045b0ec0d225c18b7b498e8f65d19efc1ddca56707652
SSDEEP: 24576:gzOUxaOWk01G4fbu/F1ZYDnaCXtztayjngSPjVh4L3GmPA705sCvsk5Xf7v5lFW4:gzOUxaOyGaupAa+XjHlAAoefkVf7voFF

Malware Config
Signatures

Detected Xorist Ransomware 1 IoCs
Processes:
resource yara_rule sample family_xorist

Xorist family

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 55522c1da2cf9392d2258d90652114d2_JaffaCakes118

Files
55522c1da2cf9392d2258d90652114d2_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE