CancelDll
LoadDll
Behavioral task
behavioral1
Sample
025257061420a3271f2b484baf9a3b4b_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
025257061420a3271f2b484baf9a3b4b_JaffaCakes118.dll
Resource
win10v2004-20240611-en
Target
025257061420a3271f2b484baf9a3b4b_JaffaCakes118
Size
56KB
MD5
025257061420a3271f2b484baf9a3b4b
SHA1
d5de45cbf080c1f43bde5a5194c7c97b7deee2b6
SHA256
fc3b658c311cd5c271b2008a27490fa36e1ddf94af8112568e609d2b7c5addb3
SHA512
638a74a518d33a9fa7219562a765456fd24efb2ec3eaa659b4b4a9a21a99140caeb33b229a74ae39770c89f9d0a4712761e75f2f6e2b68c044891de1ee6a99c0
SSDEEP
768:Z6ygXOWsiV9xjn1A9D4c9t5YE8Lx1Zqb92Houd9i8wxrYfINSHASG5yvFCO2X62:Z6yEOWXF+9sCt5ny3ZLImeS5HAk4BN
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
025257061420a3271f2b484baf9a3b4b_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ