F1122
Behavioral task
behavioral1
Sample
ea01aefaf1277d1588a6e943113a3a00_JaffaCakes118.dll
Resource
win10v2004-20240226-en
General
-
Target
ea01aefaf1277d1588a6e943113a3a00_JaffaCakes118
-
Size
155KB
-
MD5
ea01aefaf1277d1588a6e943113a3a00
-
SHA1
e3d1e878c2184271dfa77a5e3f05afda06806dcf
-
SHA256
1ea0c0a43a0b4875f9c4f4991d04afb1870c24abc393edf26fb3be0060579499
-
SHA512
d855761a79e8194d6772c524c5bf64cfc2e8592112ef62ca47f19296a3c432f2a37e20aae81fa2302354412b603afe05f9e622d3b88e0963ead69450a4742ca1
-
SSDEEP
3072:KKswdQUDlrwTs3844U7WNtQ4JH9CHXsO9fdNR/O2rc8BYjALnRPMrgRC3AVoutl1:6wxrwTGi5NJdC3hj5/IALnRPMoC3AVoS
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule sample acprotect -
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ea01aefaf1277d1588a6e943113a3a00_JaffaCakes118
Files
-
ea01aefaf1277d1588a6e943113a3a00_JaffaCakes118.dll windows:10 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
Sections
UPX0 Size: - Virtual size: 92KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE