| property | value |
|---|---|
| Behavioral task | behavioral1 |
| Sample | f137a1e8bc73f5b49301ca321de1ae56_JaffaCakes118.dll |
| Resource | win7-20240221-en |
| Target | f137a1e8bc73f5b49301ca321de1ae56_JaffaCakes118 |
| Size | 19KB |
| MD5 | f137a1e8bc73f5b49301ca321de1ae56 |
| SHA1 | 35874795821d496284ce97533c2b3a17bb5aa6d5 |
| SHA256 | 89e80797875190dfbba60807dd8eb69070ce9201e68bd97522a36ff95560ec7e |
| SHA512 | ef85a7c6663b7b89567c2e6bb55ad7b6a6ff8c6dd571b6de8392e2076b72ea47524caeb2f51247f7946ffe25e5f8ca0db7bf2691fb8cff8d37a7d22832eaf7e7 |
| SSDEEP | 384:MuyLktPH4nxjsLzRQmu+/kGgzcTW/YjU6NZIIF4w/aIk0ivhjzxp:MuP5zKmXkfglNZIIqbzzxp |

Detects file using ACProtect software.
| resource | yara_rule |
|---|---|
| sample | acprotect |

| resource | yara_rule |
|---|---|
| sample | upx |
Checks for missing Authenticode signature.
| resource |
|---|
| f137a1e8bc73f5b49301ca321de1ae56_JaffaCakes118 |
| unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
calloc
free
malloc
realloc
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ