Behavioral task
behavioral1
Sample
fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
fb729cc727e541366021f039759a0d9c_JaffaCakes118
-
Size
4.0MB
-
MD5
fb729cc727e541366021f039759a0d9c
-
SHA1
dff54fe5fb18e8b9ac75c5c2a435a5f4ee6b05fd
-
SHA256
35cdfce84d28a6789b8de70bd08737a5bef5453df2b45219aa9598955b8668c2
-
SHA512
4af200d7a17e492557a0e67758eead65b2f7f7ee8c41558ad3440493be654368a85a2d478beaaee12dad8afa51a2afeffae647a91459fa5b25263825a3b32f78
-
SSDEEP
6144:vxb4lxG83BGQFps74xdZL4Ego5ZyVWu356Ro/KL2PstTu/uo:vaG8h7WKZlZET56WKLx6uo
Malware Config
Signatures
-
LoaderBot executable 1 IoCs
Processes:
resource yara_rule sample loaderbot -
Loaderbot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource fb729cc727e541366021f039759a0d9c_JaffaCakes118
Files
-
fb729cc727e541366021f039759a0d9c_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ