DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Behavioral task
behavioral1
Sample
35c0ba105f9536b6f15abb9721f3659a_JaffaCakes118.dll
Resource
win7-20240705-en
Target
35c0ba105f9536b6f15abb9721f3659a_JaffaCakes118
Size
116KB
MD5
35c0ba105f9536b6f15abb9721f3659a
SHA1
ee7445465441d134e24a2877742c26182d65bbd0
SHA256
b448a683493125a1d832cbba3344d1f24597fa3bcc37598bbdb675738882d792
SHA512
c5d7f2324ab06db405224982609b706a12847cbc7731c3e2d754dbc15c5549223c74f2c4747643699297b4b2b4ae71b893e44652502d71527b74da3ddfbd8d4b
SSDEEP
3072:QwWAVbjkaC4G2Z/+A74xY+F/yKyOitpn/+fzZk2/M:WAV3jCK4x3F/sOitp/+f9nE
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
35c0ba105f9536b6f15abb9721f3659a_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ