ksHookwo
tzHookwo
Behavioral task
behavioral1
Sample
2e6aa5059659891443ba52485e0b327a_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2e6aa5059659891443ba52485e0b327a_JaffaCakes118.dll
Resource
win10v2004-20240704-en
Target
2e6aa5059659891443ba52485e0b327a_JaffaCakes118
Size
16KB
MD5
2e6aa5059659891443ba52485e0b327a
SHA1
faa58c626a9622b2dfa63a0c645c1a9a9080eb30
SHA256
ca1c04b4db5229928453162087891ddc3936ef8d76cf35ae3b8323fe88b1d0c9
SHA512
4cfd9bcbf0c8baac85bd3df22b785398daaa3116ce18c6d82481fa64bfa5c05e8e28b51c2dd62bdde6d5c7603090b218cf57ede3b394c2b80566499fd5b482f2
SSDEEP
384:6CnDeAk4vvO7B/lTtd+YoDn43PiIPLqnfqNs49:qJB/lTtd+3z4fiIzpNj
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
2e6aa5059659891443ba52485e0b327a_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
ksHookwo
tzHookwo
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ