Stalk_SetPlugin
Behavioral task
behavioral1
Sample
8ecef9a14612f197ee65f2da76e572d4_JaffaCakes118.dll
Resource
win7-20240708-en
General
-
Target
8ecef9a14612f197ee65f2da76e572d4_JaffaCakes118
-
Size
16KB
-
MD5
8ecef9a14612f197ee65f2da76e572d4
-
SHA1
0043dc3916c48f05b5a5bb1d314948bddca25f20
-
SHA256
ca70bc38fa782bb9c5d6c7dd21da0f7d253b18685aaabbf002db428d2de09796
-
SHA512
80e808c37bcb18aed55127af6b1a1fafad599e4a0ad3edb5909122a22b8b5d7b4143aa0f8b214041b22dd7ccc0bf5d94336a9563453ccaaf7dee9d0b254d0577
-
SSDEEP
384:gwNorgZqvz24+e7U4IcwgcsV/D7PlExHsVQ:gwN3E+94SgcA3PlEJ
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule sample acprotect -
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 8ecef9a14612f197ee65f2da76e572d4_JaffaCakes118 unpack001/out.upx
Files
-
8ecef9a14612f197ee65f2da76e572d4_JaffaCakes118.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
Sections
UPX0 Size: - Virtual size: 32KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.data Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ