DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer
Static task
static1
Behavioral task
behavioral1
Sample
323a4f70a49c5313a386786ca2ab7cff_JaffaCakes118.dll
Resource
win7-20240708-en
Target
323a4f70a49c5313a386786ca2ab7cff_JaffaCakes118
Size
52KB
MD5
323a4f70a49c5313a386786ca2ab7cff
SHA1
857013594d299eeb4502e7fe9ed890a18d76abd8
SHA256
c3d947978cf5b444f24fa22d7864b7bbe1808722a487080508a81875fc0ceb88
SHA512
c8693a8cbffd9baea2b70149aa6230d835b6d6731823ce1faf05819a7fb50518f88fe7d7a8374363365a88be4f1e6f0e61e4b8f217683337a911adcf4323454a
SSDEEP
768:Gy0oubZmVKJNcuokAVjUTmen53+oH5yyLinpZWvi94NmVK7+6EtYsb8sCt1n9:+o8sThUhnN+oH5yb/WviSH+fV8sC
Checks for missing Authenticode signature.
resource |
---|
323a4f70a49c5313a386786ca2ab7cff_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetProcAddress
CreateDirectoryA
Sleep
CreateProcessA
RemoveDirectoryA
LocalFree
SetFileAttributesA
CreateThread
GetExitCodeProcess
CloseHandle
MultiByteToWideChar
GetSystemDirectoryA
ExitProcess
WideCharToMultiByte
WritePrivateProfileStringA
Process32Next
Process32First
MoveFileA
GetCurrentProcessId
lstrlenW
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetCommandLineW
GetModuleFileNameA
LoadLibraryA
FreeLibrary
FindFirstFileA
GetPrivateProfileStringA
FindNextFileA
DeleteFileA
WaitForSingleObject
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegQueryInfoKeyA
CommandLineToArgvW
SHGetSpecialFolderPathA
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoUninitialize
CoCreateInstance
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString
_wcslwr
_stricmp
_strlwr
_adjust_fdiv
malloc
_initterm
free
fopen
fseek
ftell
fread
fclose
atoi
strcpy
strlen
strncmp
strstr
strrchr
sprintf
??3@YAXPAX@Z
strcmp
memcpy
_purecall
??2@YAPAXI@Z
memcmp
wcsstr
_strupr
_access
strcat
strncpy
strchr
memset
SHSetValueA
SHDeleteKeyA
SHDeleteValueA
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ