DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
| field | value |
|---|---|
| Behavioral task | behavioral1 |
| Sample | 01f9e1833b74f65843d6fffc54d4c31e_JaffaCakes118.dll |
| Resource | win7-20240508-en |
| Target | 01f9e1833b74f65843d6fffc54d4c31e_JaffaCakes118 |
| Size | 441KB |
| MD5 | 01f9e1833b74f65843d6fffc54d4c31e |
| SHA1 | 9db59f4b4ce5afa2350131ec6a88e78e3e35fb0d |
| SHA256 | 62ab8be336e0479fdcf1eacc88a063e5f2b45199fdc88bf349666721c1d945d9 |
| SHA512 | 475fc0c760f962fe48cdc8bf61d831ac4e9d1a619cad04016fb402dfb6dd7d9dda26c1a0708c6868edbe19990a3591c10e7ec3de9a37cd8f7069e42cfc5959ac |
| SSDEEP | 12288:7pzdGE/fjJ4rCnR4F20Bmp/i5v8540CiuQIeMqOu:fz/d4rCnH081ie5vFIeMq |
Detects file using ACProtect software.
| resource | yara_rule |
|---|---|
| sample | acprotect |
| resource | yara_rule |
|---|---|
| sample | upx |
Checks for missing Authenticode signature.
| resource |
|---|
| 01f9e1833b74f65843d6fffc54d4c31e_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE