CancelDll
LoadDll
Behavioral task
behavioral1
field | value |
---|---|
Sample | 868a733697a564bb9bf31ef1d6911837_JaffaCakes118.dll |
Resource | win7-20240708-en |
Target | 868a733697a564bb9bf31ef1d6911837_JaffaCakes118 |
Size | 81KB |
MD5 | 868a733697a564bb9bf31ef1d6911837 |
SHA1 | 4b64879dcf8b64403ce0abe3fb7c6fca4e486d6c |
SHA256 | 1bce5e493088870be19c857cd36be7a084764cef1e7446670cb6267db89d8d3a |
SHA512 | e9ada603e1bbe2d726bdd2eca9d313c63b6b302fbe52441f109c09c2748c27283a3843393f8525ad1697d5988adc8ceb0a31e5aa39f87c122b3725cd96691d03 |
SSDEEP | 1536:V7LV29Z+qXRjtELpCLN0ejUBKhmXeeTkF833K6rBQxi8MvSNemvTf0Xg:FU9Z+KGdoN3jUk1Maxi3vSNF0Xg |
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
868a733697a564bb9bf31ef1d6911837_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ