DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 4e17a93174c97ea93c19d8d48c0cba46_JaffaCakes118.dll | win7-20240708-en |
behavioral2 | 4e17a93174c97ea93c19d8d48c0cba46_JaffaCakes118.dll | win10v2004-20240709-en |
Target | 4e17a93174c97ea93c19d8d48c0cba46_JaffaCakes118 |
---|---|
Size | 50KB |
MD5 | 4e17a93174c97ea93c19d8d48c0cba46 |
SHA1 | 827b986f987243c2a684b90d224842d6100e8624 |
SHA256 | 14ef8ccb6ee9854d7886bc01f460ce69efd18c8a1370c1a6ccaf70466703acb5 |
SHA512 | 7dad3140bede62e1be8570df22733d9548c7656761278d556ae4b10ebd5d02bf1582990e966a82fb096c349b59ab089ccb2a9bb0bf548b07c0cec6c7d85c81b8 |
SSDEEP | 1536:qhTwRb/HfTSvgK2DTD5EottDsS+dwmtFO/:jb//Wv0PKottDXqwmtF6 |
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
4e17a93174c97ea93c19d8d48c0cba46_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ