DllCanUnloadNow
DllGetClassObject
DllRegisterServer
| field | value |
|---|---|
| Behavioral task | behavioral1 |
| Sample | 043d28141d5cab4a7c50fc5d40e64c9b_JaffaCakes118.dll |
| Resource | win7-20231129-en |
| Target | 043d28141d5cab4a7c50fc5d40e64c9b_JaffaCakes118 |
| Size | 8KB |
| MD5 | 043d28141d5cab4a7c50fc5d40e64c9b |
| SHA1 | 468809ce6d5bb279dbb35318a4a5ee2a98e7dcf1 |
| SHA256 | 19ea1917b95e7cefd5229f633468d810501bd6279335960389fce38e4d02880d |
| SHA512 | 4538c027cf6334df7da6088c5177767e424f4a87a27a9f5f3b590bcf520fd1770815de2a464398a2d5a7c53aca955fc83c76a8cb0519f8cac05f67d469b16d76 |
| SSDEEP | 96:ns7KTQbinMUMe+gd5O6gVhVQRvVu8imKbanNYNSGcDAKsEzdbfqniSKk:ns+/PZq0RvVu8imdNYYAZEMia |
Detects file using ACProtect software.
Processes:
| resource | yara_rule |
|---|---|
| sample | acprotect |
Processes:
| resource | yara_rule |
|---|---|
| sample | upx |
Checks for missing Authenticode signature.
Processes:
| resource |
|---|
| 043d28141d5cab4a7c50fc5d40e64c9b_JaffaCakes118 |
| unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ