AddAtomA
AddRefActCtx
AllocConsole
GetFnPath
s
Behavioral task
behavioral1
Sample
3d6ed04424cdcffb8de74f96c092c429_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3d6ed04424cdcffb8de74f96c092c429_JaffaCakes118.dll
Resource
win10v2004-20240709-en
Target
3d6ed04424cdcffb8de74f96c092c429_JaffaCakes118
Size
47KB
MD5
3d6ed04424cdcffb8de74f96c092c429
SHA1
1b19c73b5458667d931ea81f69f41c7855270b25
SHA256
bfd834075eacb257613975c73e9f31416c9cf31f9777c0ee6cc7f897028b6a58
SHA512
635f6c171f4f959a6f96cbb4a5a591cb27dbb7544e6bef18dc409d6392474c65ea5aa7f85ecdd2bdffba7d16c54638bc40d3b9bbea1f5c73b80f76c986044288
SSDEEP
768:HJ7/z4jHzcLRoyTN9vwzCng9k+jtIr8EyJ4ReRDBUAP+RXyyIZOnfKjP:p7/UHILOyTvgC4k+jejyJ6S93qIOfyP
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
3d6ed04424cdcffb8de74f96c092c429_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
AddAtomA
AddRefActCtx
AllocConsole
GetFnPath
s
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ