DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Behavioral task
behavioral1
Sample
0fd8cb3acbaeced13a750fcef480d8d1_JaffaCakes118.dll
Resource
win7-20240221-en
Target
0fd8cb3acbaeced13a750fcef480d8d1_JaffaCakes118
Size
8KB
MD5
0fd8cb3acbaeced13a750fcef480d8d1
SHA1
1459e69cd1640f5aa5e9cd9ea4f116cbbe09c21c
SHA256
a2558f0157a8e407d354e73869856705c695fa52dc568a0f4362f917d05c0c12
SHA512
1b99e2ec013647cf4409dd806c85d1fcbe5cb238ae9c070fd104fefaba6f1a0f8cabfd9e86693eb047b650554052bc628200d3198be09581d082df6086abc826
SSDEEP
192:eAM3GmLSQHPb0vVVX4joscS0ugq4nwMuIi1p504u:eF3LLSQHDst49wu+nwPI+p9
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
0fd8cb3acbaeced13a750fcef480d8d1_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE