DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Behavioral task
behavioral1
Sample
948b8d3c33cf86fde70cf882a004158d_JaffaCakes118.dll
Resource
win7-20240708-en
Target
948b8d3c33cf86fde70cf882a004158d_JaffaCakes118
Size
82KB
MD5
948b8d3c33cf86fde70cf882a004158d
SHA1
2724a7536270560f14ea78b78c3871a6dbc20865
SHA256
4409e3ec34e36e415d095f67631b4a55d1c7a139dda0de5a668e6d98b68a35f6
SHA512
fd8d45167fed9f2b8ac7b49f67e9e53e6570f5e66010c71aeab4b544bea0e66c08949b7c0003a365f2051d40e73c93e4e2236bc56680c139c351d097e64f6226
SSDEEP
1536:Gc6is2qHYvf20ARQ9LYv/kyzpOA5Th0nNIFBszS6vaQj9vU02D6QfCm6Wc4:Gc/s2q4vf2dRQ9LYEkh5ThI8BsbSQj96
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
948b8d3c33cf86fde70cf882a004158d_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE