Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83
-
Size
150KB
-
MD5
6e092b58c6215f860f0255f3fb5f2f83
-
SHA1
3bb49785892deafff5c8ee6b05c95aa17466d3f2
-
SHA256
2770111e9c78bdad80466d60982f0d3f576e051dc8c566d504a1c59cce0a33d0
-
SHA512
2547341fe729b7b9344b65c9b093ab067fd9b0f7108a9d5c2f94724ddd7a09998f95185b65b5edfc6f3cd160f05332c89b870ca89ce9d5c1372f406855468a1a
-
SSDEEP
3072:H29DkEGRQixVSjLLJ30BWPOt5dQw+hyuGDInwM:H29qRfVSnt30Bbt+IhDFM
Malware Config
Extracted
sakula
www.polarroute.com
Signatures
-
Sakula family
-
Sakula payload 1 IoCs
resource yara_rule sample family_sakula -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83
Files
-
JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.Upack Size: 107KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE