Static task
static1
Behavioral task
behavioral1
Sample
BXA09QOPKJHVRFVU_001_PDF.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
BXA09QOPKJHVRFVU_001_PDF.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
RWVQ04HDJSNYKSDF03BD_002_PDF.vbs
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
RWVQ04HDJSNYKSDF03BD_002_PDF.vbs
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_9160c4962d732d3bedfbb9da1634c2393b6564fc5b1f8a1ce62de5a4ed172e8b
-
Size
567KB
-
MD5
0ca38bd4a3bea8fe36c7433d1d86a90b
-
SHA1
2221a3c0cc49dc5b97ca36b3a4959424f93ed69f
-
SHA256
9160c4962d732d3bedfbb9da1634c2393b6564fc5b1f8a1ce62de5a4ed172e8b
-
SHA512
6ea4ce128f39192cd2c32041e021e1fd2e89baa779a44ba8e113999ee4665f9eaefee3bd803b7e46e43323492431506e2cc067094e1cf668fc1264e6f398d8aa
-
SSDEEP
12288:64BR71eFL+FzE4b5dg8+7oN4gW/PppxPqGgXCjvEFdSLZPTvy:64BneFL+F1b5dIaW/zxPsyTidqNvy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack003/BXA09QOPKJHVRFVU_001_PDF.exe
Files
-
JaffaCakes118_9160c4962d732d3bedfbb9da1634c2393b6564fc5b1f8a1ce62de5a4ed172e8b.zip
Password: infected
-
d049ba3a6580d17ca24a05f41830f837879dede720e2c9b20b113cb073ec86f8.vhd
-
out.vhd.vhd
-
$RECYCLE.BIN/desktop.ini
-
BXA09QOPKJHVRFVU_001_PDF.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RWVQ04HDJSNYKSDF03BD_002_PDF.vbs
-
System Volume Information/WPSettings.dat