CancelDll
LoadDll
Behavioral task
behavioral1
Sample
880990eaf48cde9d8f0ce9697a849434_JaffaCakes118.dll
Resource
win7-20240705-en
Target
880990eaf48cde9d8f0ce9697a849434_JaffaCakes118
Size
52KB
MD5
880990eaf48cde9d8f0ce9697a849434
SHA1
cc6af02746d1fa72818381c3e417827bfdb667f7
SHA256
25e367d0d6f7b7af9f36dd0a277dd6a6d63817f1666ff7f425ab2caab62703da
SHA512
43d2494aa7b45d312b168be35bc5de9910131a523df0f184256359296021ca8f2d5299ccab9bba30d71603ae761bec938edbc245a6928aabe43c89136bef9270
SSDEEP
1536:NomNZnI+CQSrN+HICrmKHif3T21MWzk6ECLsNHKrnMHMe:NooC+CCHVw69zsIscYse
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
880990eaf48cde9d8f0ce9697a849434_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ