Static task: static1
Behavioral task: behavioral1
Sample: a44785da52d89dcb92e3ee68f475a423_JaffaCakes118.dll
Resource: win7-20240729-en

Target: a44785da52d89dcb92e3ee68f475a423_JaffaCakes118
Size: 52KB
MD5: a44785da52d89dcb92e3ee68f475a423
SHA1: 0a3b4b4314d9a14c5d2cb707725886218dd8c3e2
SHA256: f033ae09a5a79b9bc39a6f6e879d5655650c79556deb49470e5a5d2b7b7ae85c
SHA512: 00e7784434e489a3e291f69adf48496e4f7a6f7f486b5ec49abfe694e9f455ccd20a4d001399acd98a17da11bf07c8967836943ee0ab689cb6e0c8064e07f981
SSDEEP: 768:oHkzzoV3EntHnmuHZRJazFUhjKLUF2cNPj23dym2RHuW9kwjC8JpzQbaEDTuKZb8:VPoV3yHN7YIMUkwP28OW9tpTzga2uW7
Checks for missing Authenticode signature.
| resource |
| --- |
| a44785da52d89dcb92e3ee68f475a423_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
EnterCriticalSection
InterlockedDecrement
HeapDestroy
lstrlenW
lstrlenA
GetShortPathNameA
GetModuleHandleA
CreateThread
WritePrivateProfileStringA
LocalFree
GetCommandLineW
InterlockedIncrement
RemoveDirectoryA
CloseHandle
Process32Next
Process32First
WideCharToMultiByte
GetSystemDirectoryA
ExitProcess
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetProcAddress
MultiByteToWideChar
SetFileAttributesA
MoveFileA
CreateDirectoryA
Sleep
GetModuleFileNameA
FindFirstFileA
GetPrivateProfileStringA
DeleteFileA
FindNextFileA
FreeLibrary
LoadLibraryA
CreateProcessA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SHGetSpecialFolderPathA
CommandLineToArgvW
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoUninitialize
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
SysFreeString
_access
_stricmp
_strlwr
_adjust_fdiv
malloc
_initterm
free
atoi
strcmp
memcmp
_purecall
memcpy
fopen
fseek
ftell
??2@YAPAXI@Z
??3@YAXPAX@Z
strstr
strrchr
sprintf
memset
strlen
strncpy
strchr
strncmp
strcpy
_strupr
strcat
wcsstr
_wcslwr
fclose
fread
SHSetValueA
SHDeleteKeyA
SHDeleteValueA
DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ