DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Rundll32
TBHEntry
TBHEntryEx
Static task: static1

Behavioral task: behavioral1
Sample: 23ff8a2c77bb3a88fb8d327470f20b85_JaffaCakes118.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 23ff8a2c77bb3a88fb8d327470f20b85_JaffaCakes118.dll
Resource: win10v2004-20240611-en
Target: 23ff8a2c77bb3a88fb8d327470f20b85_JaffaCakes118
Size: 64KB
MD5: 23ff8a2c77bb3a88fb8d327470f20b85
SHA1: 408d0a34f59a35a6354063af3bba0df0ebb4cdcd
SHA256: 13faf87903bedb1b63fadecd48de783bc235237ab37e192aa60bcbbb9f958649
SHA512: 0f6e72bc67c72d6022f175ba62d458fb2a84b936058e04d721f88e3d46e8a30e0c412f32f64b20a34ce7dcc4409d5a9a87b618af8b22659b365c8d7e371a021e
SSDEEP: 768:buDGUKqjtIRHkEjRaro3Qyt1tqqcT6oMv4VrKZKWrfnkwkv:b4GUKqjyRz8ofHtqaFHKWr/e
Checks for missing Authenticode signature.
resource |
---|
23ff8a2c77bb3a88fb8d327470f20b85_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
GetCurrentThreadId
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTime
lstrlenA
IsBadWritePtr
GetModuleFileNameA
MultiByteToWideChar
lstrcpynA
SetLastError
GetVersionExA
MapViewOfFile
CreateFileMappingA
Sleep
CopyFileA
CreateMutexA
VirtualAllocEx
CreateRemoteThread
OpenProcess
lstrlenW
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
DeleteCriticalSection
InitializeCriticalSection
VirtualQuery
lstrcmpiA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
GetLastError
OpenMutexA
CloseHandle
FreeLibrary
GetSystemInfo
GetLongPathNameA
DeleteFileA
MoveFileExA
CreateFileA
WriteFile
WritePrivateProfileStructA
GetPrivateProfileStructA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
InterlockedDecrement
OpenFileMappingA
InterlockedIncrement
UnmapViewOfFile
GetShortPathNameA
CreateProcessA
LoadLibraryA
GetModuleHandleA
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetVersion
Process32First
Process32Next
EnumWindows
KillTimer
SetTimer
UnhookWindowsHookEx
SetWindowsHookExA
DestroyWindow
PostQuitMessage
GetClassInfoExA
RegisterClassExA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
GetMessageA
DispatchMessageA
TranslateMessage
GetWindowThreadProcessId
IsWindow
GetClassNameA
CallNextHookEx
GetStockObject
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
AllocateAndInitializeSid
FreeSid
RegCloseKey
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegEnumValueA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
StringFromCLSID
CoCreateGuid
SysFreeString
SysAllocString
SHDeleteValueA
SHDeleteKeyA
PathRemoveFileSpecA
PathFileExistsW
PathFileExistsA
SHGetValueA
PathRemoveBackslashA
PathRemoveBlanksA
PathAppendA
PathFindFileNameA
SHSetValueA
PathRemoveExtensionA
PathStripToRootA
ImageDirectoryEntryToData
realloc
_mbsicmp
wcscpy
sprintf
rand
srand
time
_mbscmp
sscanf
_mbsnbcpy
fwrite
fread
malloc
??3@YAXPAX@Z
memmove
_CxxThrowException
fputs
strstr
fgets
rewind
fopen
wcsstr
wcslen
strrchr
strchr
__dllonexit
_onexit
_initterm
_adjust_fdiv
??2@YAPAXI@Z
fclose
fseek
__CxxFrameHandler
ftell
free
_wcsicmp
_strlwr
_stricmp
_wcsset
_strnset
_strnicmp
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ