CancelDll
LoadDll
Behavioral task
behavioral1
Sample
5bdcec6e42904f1941376ff24be9e272_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5bdcec6e42904f1941376ff24be9e272_JaffaCakes118.dll
Resource
win10v2004-20240709-en
Target
5bdcec6e42904f1941376ff24be9e272_JaffaCakes118
Size
54KB
MD5
5bdcec6e42904f1941376ff24be9e272
SHA1
86df72a10a762fafab66c53dd6efce04cff92ed2
SHA256
27eff9f90a212c188ea2d183611b2896d10964766203573b4c2bbc41724b7b11
SHA512
2ab72d0a4aef008e9518cca66719f96e2d4f2baf7711232b047ceb8c46fbffdb5762c583646c44616b5a765e3c91e3b3bbfef626bfe3f0fcfd4400e7101fba21
SSDEEP
1536:knK0jhOKw+PqRLGwghlarqSDKgAyx/sR4TKifgayM:knNhOKw+P+PghlrmK7yx/rTFfHb
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
5bdcec6e42904f1941376ff24be9e272_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ