Delete
First
InjectService
ServiceMain
Static task
static1
Behavioral task
behavioral1
Sample
5e0051e5e605b2c4b7094113878be332_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
5e0051e5e605b2c4b7094113878be332_JaffaCakes118.dll
Resource
win10v2004-20240709-en
Target
5e0051e5e605b2c4b7094113878be332_JaffaCakes118
Size
14KB
MD5
5e0051e5e605b2c4b7094113878be332
SHA1
b1e2ff936e6004797d5fb1cda201f5b869ce8d98
SHA256
b03515d12530d480394fe87ff486da8283a348ccfab11331497d34cbcd6706bf
SHA512
e98bf9bdb97d0380fe001fdedbaa3326e04b15abdbc05be63270fdc0a73cc9e82a937411083dc2caed95a0b22548239610c05a7ca535eb41feada3582c4d1bc5
SSDEEP
192:Hpo9J6iaxntm1SuC4pBVxuZaxo5vyAcoOcGJRSWxWhaRJ9A6MLoEoPSPzkGUkkws:HOJ6DnRCBVE5vgoOczhaRwLUSL86m
Checks for missing Authenticode signature.
resource |
---|
5e0051e5e605b2c4b7094113878be332_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
GetCurrentProcess
VirtualFreeEx
VirtualAllocEx
SetFileAttributesW
GetModuleHandleW
WriteProcessMemory
CreateRemoteThread
IsDebuggerPresent
RtlUnwind
SetFileTime
SystemTimeToFileTime
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
Sleep
GetModuleFileNameW
CloseHandle
WaitForSingleObject
CreateThread
DeleteFileW
lstrcatW
lstrlenW
GetSystemDirectoryW
FreeConsole
OpenProcess
lstrcpyW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetServiceStatus
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle
RegCreateKeyW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
GetUrlCacheEntryInfoW
PathFileExistsW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ