Behavioral task
behavioral1
Sample
JaffaCakes118_71d59afc0939a3bad6b7e9c76155dfa03577275a0fee0584524d3c4b87b565dc.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_71d59afc0939a3bad6b7e9c76155dfa03577275a0fee0584524d3c4b87b565dc.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_71d59afc0939a3bad6b7e9c76155dfa03577275a0fee0584524d3c4b87b565dc
-
Size
172KB
-
MD5
2d4dda004a172635939a759d9fcf80d5
-
SHA1
d0057a39fb0b8f02c4db6010862a6318fa374958
-
SHA256
71d59afc0939a3bad6b7e9c76155dfa03577275a0fee0584524d3c4b87b565dc
-
SHA512
14e96c7e7e2913def76a42afd412e039b726cb0d63aecbd050da8697314ae14a43ab9d61774d10ff5031a09cb9dddfbe86bbe8a752d57826529d132c984e8432
-
SSDEEP
3072:WHpEsYeiA/kTGq2wdWA9ZRqM0ppdfXUA/tviRnT1+JPyVg4IY:WiKJcTuwpRqJZXUA/tviRT1+JPyVg4IY
Malware Config
Extracted
formbook
s8gw
aeneontrue.com
Signatures
-
Formbook family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_71d59afc0939a3bad6b7e9c76155dfa03577275a0fee0584524d3c4b87b565dc
Files
-
JaffaCakes118_71d59afc0939a3bad6b7e9c76155dfa03577275a0fee0584524d3c4b87b565dc.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ