Behavioral task
behavioral1
Sample
198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118
-
Size
1.9MB
-
MD5
198ed15d20f0d64bd9a7383e8508eaa4
-
SHA1
6685819491b5b99b28a79a79482d1e6899294cb6
-
SHA256
021d5f7d81f8cfde810dca7d8fca6befb451305a32a114c840306b2da407d12f
-
SHA512
c8c0e39a8c733bc333a6a8b38e3483256217708fdd1987d04aef8fbff74f60aea8c56eb7ab9c4067ceea19a11eb8dfbcd9156a9124366ca0944d250649477d1c
-
SSDEEP
49152:lo8SFasq25kDnChAsm7cdpmAgMdUldZBRlKVPgdQDG8:lovssq2SCusTzBST4tqsd
Malware Config
Signatures
-
Processes:
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118
Files
-
198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe windows:4 windows x86 arch:x86
bac874d5d54424415b69792cfbe64a51
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaRecDestructAnsi
kernel32
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
Sections
.text Size: - Virtual size: 497KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 4KB - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE