CancelDll
LoadDll
Behavioral task
behavioral1
Sample
15072e01ed6e2da0a18d074334abd29d_JaffaCakes118.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
15072e01ed6e2da0a18d074334abd29d_JaffaCakes118.dll
Resource
win10v2004-20240508-en
Target
15072e01ed6e2da0a18d074334abd29d_JaffaCakes118
Size
53KB
MD5
15072e01ed6e2da0a18d074334abd29d
SHA1
8e7499cad6af54c4a37ae3f2310d1849a0a1dbaa
SHA256
3afe9594deac7def172db63cbc7772c36d1c0744741bd8ed923cadd231466b4a
SHA512
869e8b7993184ec4f834a73dea7980ca70032507790495ed787d8372e1a6dadea54345a1e11a5f230ed015e43ca1ae67f0bd015a40ae59a85063a2d5464c7ab7
SSDEEP
1536:lTD+K/8sP8UWFIjok2dHcxnjRKQN4CIdfZ:l/tksPnWFIjohd8BjYdLR
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
15072e01ed6e2da0a18d074334abd29d_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ