_LOADLIBRARY_DUMMY
_RunAs@16
Behavioral task
behavioral1
Sample
4c05ea05fd9f212c27accc60d4935af5_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
4c05ea05fd9f212c27accc60d4935af5_JaffaCakes118.dll
Resource
win10v2004-20240709-en
Target
4c05ea05fd9f212c27accc60d4935af5_JaffaCakes118
Size
34KB
MD5
4c05ea05fd9f212c27accc60d4935af5
SHA1
7d32be9bf0b49d0629d701f0aa86d0b7d6d1c048
SHA256
3301d5d332cf9684bbde779cf5ffa693f07bd2f4ef696dab7b02175a0739e2c9
SHA512
27db2b87abd3cd9f65fceccddb255a1e2356e732da2b5c1b0640307e6c2db18178ea4f341469bb9cde6d9f4de451e1c7502a22561f299300dedf3f3921bb6348
SSDEEP
768:1VggMa7TIrAuPLi3wboC0oM3y/5xGPDuWLM2HPnbcuyD7UnBq:MgMSTIMGi3RkCy/foO2vnouy8nBq
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
4c05ea05fd9f212c27accc60d4935af5_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_LOADLIBRARY_DUMMY
_RunAs@16
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE