Start
ThreadEntry
Behavioral task
behavioral1
Sample
2dd987a3fc38b7610bf4d049b6355a7d_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2dd987a3fc38b7610bf4d049b6355a7d_JaffaCakes118.dll
Resource
win10v2004-20240704-en
Target
2dd987a3fc38b7610bf4d049b6355a7d_JaffaCakes118
Size
46KB
MD5
2dd987a3fc38b7610bf4d049b6355a7d
SHA1
60b3a9d3c1bfefb26a9b6c85f6eece089288cb9b
SHA256
88ebdb39dfc104318ea3e7ff83b164966f430d725ba95f0461daa618cea59537
SHA512
892dc136ac0ef4b4792e9123b21c0f7937532dce4fdb08f58176638f43c93acadff8a6a8c7cbeaabcb904af15c16e5692a380dec458775e09935393b1dec6e90
SSDEEP
768:fWHUtudGGqhis4hgzEknT4hAVUxYqKvejjGz7XhWeVaJPxcBkVSKVWhX18ONhakp:fCUt27AAgzzTBiYLGjyzLhWeVapSB7ak
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
2dd987a3fc38b7610bf4d049b6355a7d_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Start
ThreadEntry
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE