General
-
Target
JaffaCakes118_256f1cd3c954642799645642632167a6
-
Size
75KB
-
MD5
256f1cd3c954642799645642632167a6
-
SHA1
c04fc96d9d68e2f182edd5e0f46bb40bafbb780e
-
SHA256
0d1cbc74416b393c9798ce08ba2fd19312b2710a9fd2eeec8be498d3ed07b345
-
SHA512
1927cd0cacf164ab49fb356897c983a143e45291ef144f8b8f4ccf0445c001f0023cb81eb9f10759c2731414250829f4538ec7a422162fc3337746e3e3e30eba
-
SSDEEP
768:L6mhghdN12Ozhiow2Gkm6+c3/6WzolZOp692tKRh:L3+zMOlw2GkmS3yKoo+yC
Malware Config
Signatures
-
Detect XtremeRAT payload 1 IoCs
resource yara_rule sample family_xtremerat -
Xtremerat family
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_256f1cd3c954642799645642632167a6
Files
-
JaffaCakes118_256f1cd3c954642799645642632167a6.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE