DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer
Static task: static1
Behavioral task: behavioral1
Sample: 34fe98985c079116e4cbe040dd870581_JaffaCakes118.dll
Resource: win7-20240705-en
Target: 34fe98985c079116e4cbe040dd870581_JaffaCakes118
Size: 60KB
MD5: 34fe98985c079116e4cbe040dd870581
SHA1: 4d6e9cc31f2b65330b91d57ebaa7fa1368844ad9
SHA256: f317c3fc43e6e4ff0af2b5e62c2037e7098161d5bb37dd6bbbae8fd53998a992
SHA512: 1d3d937546a08cec495c626b07bd8c67d4519feb38f63107e31067e79f9354340c78680adc1c8f84a28c6a1d8cdc17077c12f1193631ee0bd0aaeebf95611791
SSDEEP: 1536:ZZHnlXmJA5vo21sYpXA/l9dIo9BrYmQA/n:Z/XuNnYpwnsmQAv
Checks for missing Authenticode signature.
resource |
---|
34fe98985c079116e4cbe040dd870581_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
GetProcAddress
LoadLibraryA
lstrlenW
lstrlenA
WideCharToMultiByte
GetCurrentProcessId
FreeLibrary
DisableThreadLibraryCalls
InitializeCriticalSection
LocalFree
InterlockedIncrement
InterlockedDecrement
HeapDestroy
GetShortPathNameA
GetModuleHandleA
FindNextFileA
GetPrivateProfileStringA
FindFirstFileA
ExitProcess
CreateDirectoryA
Sleep
GetCommandLineW
Process32First
Process32Next
MultiByteToWideChar
SetFileAttributesA
MoveFileA
WritePrivateProfileStringA
CreateThread
GetSystemDirectoryA
GetModuleFileNameA
WaitForSingleObject
CloseHandle
GetExitCodeProcess
DeleteFileA
RemoveDirectoryA
CreateProcessA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetNamedSecurityInfoA
GetNamedSecurityInfoA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
BuildExplicitAccessWithNameA
SetEntriesInAclA
SHGetSpecialFolderPathA
CommandLineToArgvW
CoCreateInstance
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitialize
CoMarshalInterThreadInterfaceInStream
VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
SysFreeString
memcpy
_strlwr
_stricmp
_adjust_fdiv
malloc
_initterm
free
strcmp
atoi
strncmp
strchr
strncpy
fopen
fseek
ftell
fread
??3@YAXPAX@Z
strcat
strcpy
memset
sprintf
_access
strlen
wcsstr
_wcslwr
memcmp
_strupr
_purecall
??2@YAPAXI@Z
strstr
strrchr
fclose
SHDeleteValueA
SHSetValueA
SHDeleteKeyA
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ