Static task
static1
Behavioral task
behavioral1
| Field | Value |
|---|---|
| Sample | 020648acb7ec97344a9dbca862b6b432_JaffaCakes118.dll |
| Resource | win7-20231129-en |
| Target | 020648acb7ec97344a9dbca862b6b432_JaffaCakes118 |
| Size | 56KB |
| MD5 | 020648acb7ec97344a9dbca862b6b432 |
| SHA1 | 6ac026e9e376d3d3ca0370b2f374be1ac9b4ab65 |
| SHA256 | 1cca15b8cf30d4499a91152d808185c3a7ac3e4231cd409504b5bbaa50e5507e |
| SHA512 | 6127e2235d54e8989843dc1675bdae3dfb0e015d6bf07efdf468cf6c18538f6d01a0b24ddd9da5ff8b451832fd0eb9d9dbef00a622d8df9871035f8ca75a8649 |
| SSDEEP | 1536:m24oKxmu40tgSysAaGknxS2acLdo3ng6I:Z4ttgSyuDnkcCn |
Checks for missing Authenticode signature.
| resource |
|---|
| 020648acb7ec97344a9dbca862b6b432_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
LocalFree
LeaveCriticalSection
EnterCriticalSection
Sleep
CreateThread
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapDestroy
CreateDirectoryA
GetModuleHandleA
GetCommandLineW
GetExitCodeProcess
WaitForSingleObject
FindNextFileA
GetPrivateProfileStringA
FindFirstFileA
GetCurrentProcessId
Process32Next
Process32First
WritePrivateProfileStringA
GetSystemDirectoryA
CloseHandle
CreateProcessA
lstrlenW
WideCharToMultiByte
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
SetFileAttributesA
DeleteFileA
MoveFileA
GetModuleFileNameA
ExitProcess
GetShortPathNameA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
BuildExplicitAccessWithNameA
SHGetSpecialFolderPathA
CommandLineToArgvW
CoInitialize
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
SysStringLen
LoadRegTypeLi
VariantClear
SysAllocString
SysFreeString
strcpy
_strlwr
_strupr
_adjust_fdiv
malloc
_initterm
free
fopen
fseek
ftell
fread
fclose
_purecall
memcpy
strncmp
strncpy
??3@YAXPAX@Z
strstr
atoi
strchr
strcmp
strrchr
sprintf
strlen
memcmp
strcat
_stricmp
memset
wcsstr
_wcslwr
_access
??2@YAPAXI@Z
SHDeleteValueA
SHSetValueA
SHDeleteKeyA
DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ