CancelDll
LoadDll
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | f5f1f6f7eb8740a77997c6a3de605fcd_JaffaCakes118.dll | win7-20231129-en |
behavioral2 | f5f1f6f7eb8740a77997c6a3de605fcd_JaffaCakes118.dll | win10v2004-20240412-en |
field | value |
---|---|
Target | f5f1f6f7eb8740a77997c6a3de605fcd_JaffaCakes118 |
Size | 54KB |
MD5 | f5f1f6f7eb8740a77997c6a3de605fcd |
SHA1 | 544483d5d731a3697b8cac325d31e45ff3b72a40 |
SHA256 | 0d058a00c0e57950d6ec109ba937b2bd3e568469e492c05c33c014819000924d |
SHA512 | 0a8538b05a90bed7c9e43018abdab5ff244f6f4d2b007f7940db505d7c0cf67c76394da5db20d89fbbabb325dadd917de488cb821e81af7570291b0ab6540635 |
SSDEEP | 1536:EdNs9O6qwtr2kv1Wv9pwPyuOxkCI+yigqFM:EdNs9O6rrtdcEyhxQRibM |
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
f5f1f6f7eb8740a77997c6a3de605fcd_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ