DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitEntry0
Behavioral task
behavioral1
Sample
641953762ee6acdbb9fbe4160456f856_JaffaCakes118.dll
Resource
win7-20240705-en
Target
641953762ee6acdbb9fbe4160456f856_JaffaCakes118
Size
86KB
MD5
641953762ee6acdbb9fbe4160456f856
SHA1
98bb19aa892b4ca8983418f6237f01d605464010
SHA256
c92ee6d26f318a73c9dbe769819b16b0c8fd155475655c6952ec83c909174933
SHA512
799a2ac1faea987e5164969845a91bc3b82051446a7060976e3abb2c5945fefb8e9ec8ed1e69b66970e20ed8ab872f07b835bc3a32f51919e3c532ec30a72ac4
SSDEEP
1536:bYvynn+A2Vd66v0uB5HrvumuVoF4ajU1d+aDIrSEHeAZimdgfglupbI:8v4+AY6S0cFvucF4eAd+aDIBHRZjdzM
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
641953762ee6acdbb9fbe4160456f856_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitEntry0
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ