DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Behavioral task
behavioral1
Sample
f08c0fd6d49f45362e024170fe44b8b8_JaffaCakes118.dll
Resource
win7-20240221-en
Target
f08c0fd6d49f45362e024170fe44b8b8_JaffaCakes118
Size
8KB
MD5
f08c0fd6d49f45362e024170fe44b8b8
SHA1
27b483cc6bd0c707efac200c56e5dc39fad83793
SHA256
3e1647d1d69a1fed8b88ea1265089c0f4245ad58254d76c68df3ec4db453a015
SHA512
8b893bcb904c4f49e1559a219896edd094693c678a1004ddec6cab4c3cbc067cf2b43ba03501bd8a1eb8ff36f3cda2e21ebc1b275cac67decb6c811b951c5975
SSDEEP
192:aj/djdWFf/00ZN8c/ULzR0VqFVyi5g5XjEjS:69gF3T2c/emsy5X
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
f08c0fd6d49f45362e024170fe44b8b8_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ