Behavioral task
behavioral1
Sample
JaffaCakes118_a65f1034b923e7e574b4fe72ab5be4e24fa18e48dd7c9e40bf44e28fda8d7a21.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_a65f1034b923e7e574b4fe72ab5be4e24fa18e48dd7c9e40bf44e28fda8d7a21.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_a65f1034b923e7e574b4fe72ab5be4e24fa18e48dd7c9e40bf44e28fda8d7a21
-
Size
432KB
-
MD5
5efb0a151579d57b1ca37a614fdfdc9c
-
SHA1
d31b3c4970bbc0cf27062957cc3f4de896d858bc
-
SHA256
a65f1034b923e7e574b4fe72ab5be4e24fa18e48dd7c9e40bf44e28fda8d7a21
-
SHA512
1974c494882c23808ea48e4131c31bb4f8c2143e646deb3b0b964ce9a86c5489b70b48eac1a3bf2e428b2e9e9cd0bf2278365a30b3c9a22ef8809d1f5676f67e
-
SSDEEP
12288:Udt56ehi/H9SDomjDBvMYojCmDu7legv5iB:ciXLDuv5i
Malware Config
Extracted
gcleaner
208.67.104.97
85.31.46.167
-
url_path
....!..../software.php
....!..../software.php
Signatures
-
Gcleaner family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_a65f1034b923e7e574b4fe72ab5be4e24fa18e48dd7c9e40bf44e28fda8d7a21
Files
-
JaffaCakes118_a65f1034b923e7e574b4fe72ab5be4e24fa18e48dd7c9e40bf44e28fda8d7a21.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ