Behavioral task: behavioral1
  Sample: 1304e64e621f0b294ba3f5f0e0d73104_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 1304e64e621f0b294ba3f5f0e0d73104_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
- Target: 1304e64e621f0b294ba3f5f0e0d73104_JaffaCakes118
- Size: 1.1MB
- MD5: 1304e64e621f0b294ba3f5f0e0d73104
- SHA1: 4591af4dd8c9168694e6950660a13cad8475ed13
- SHA256: ec688f1bd6009052e85d82ebf431cb352bb52e6577e879a0d558d5c8819c84e7
- SHA512: 9707e40bd917c65bb05d8d61e1f45a9bcfd763031fb6bacfa55739e54e7f6d25f655a6b133f25793f4328be5f8f80d347cfeab62229a5ac02d301550ba95c71c
- SSDEEP: 12288:3ADP+oKGIcHxyT1CbKOPGvbfmRqxUYnSAjSze0Qb4WpknSAjSze0jb4W/:QDP+oZIcHxW1CtPSbfakSUo7QySUo7j
Malware Config
Signatures
- Obfuscated with Agile.Net obfuscator (1 IoCs)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  Processes:
    resource | yara_rule
    sample   | agile_net
Files
- 1304e64e621f0b294ba3f5f0e0d73104_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
  Certificate: 57:8f:31:95:9a:6d:57:a2:48:81:6f:83:d9:93:b2:48
    Issuer: CN=EXTRME\\Eray
    Not Before: 13-02-2021 10:22
    Not After: 13-02-2022 16:22
    Subject: CN=EXTRME\\Eray
  38:3e:d6:04:19:3c:a0:84:d3:f3:83:8c:ad:1b:96:bf:47:d8:a1:a1:a8:8b:56:e8:f9:a1:63:7b:58:6e:af:d1
  Signer
    Actual PE Digest: 38:3e:d6:04:19:3c:a0:84:d3:f3:83:8c:ad:1b:96:bf:47:d8:a1:a1:a8:8b:56:e8:f9:a1:63:7b:58:6e:af:d1
    Digest Algorithm: sha256
    PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Eray\Desktop\update\obj\Debug\update.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 886KB - Virtual size: 886KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 219KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ