Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 2a6dda09cb32ea2002c0af002496804b_JaffaCakes118.dll | win7-20240221-en |
behavioral2 | 2a6dda09cb32ea2002c0af002496804b_JaffaCakes118.dll | win10v2004-20240704-en |
Target | 2a6dda09cb32ea2002c0af002496804b_JaffaCakes118 |
---|---|
Size | 232KB |
MD5 | 2a6dda09cb32ea2002c0af002496804b |
SHA1 | 6edbda743b447fafad2a33a88cb7bd140bc29ce2 |
SHA256 | 52c32128f4590a6d7dd73ec6961fcf2c504eefef799b335c3ebb63f801b8f5e0 |
SHA512 | 885b62fe1c7af72470cc8a7f0cddc33f7b364f07b377f9f4e4e025af962918b75cc4aa3e47510580785e6ec7986bc5296b50e63deac9e1610f30a5a4cbc1e213 |
SSDEEP | 3072:i26EW/eXE0jZNJ37RR4ecy9d6GLfG4yUmBNDaL06ShQ2e5rczbmZxYDBEgoH:2TWXVj/J374evDnBpyaQpKhZp7 |
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
2a6dda09cb32ea2002c0af002496804b_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE