Behavioral task
behavioral1
Sample
a37876731f3cfa6b5d2e9bf68391484e_JaffaCakes118.dll
Resource
win7-20240704-en
Target
a37876731f3cfa6b5d2e9bf68391484e_JaffaCakes118
Size
20KB
MD5
a37876731f3cfa6b5d2e9bf68391484e
SHA1
e34d45144f69cf140451ca12d05b920293805c6e
SHA256
c77eeed6e3a3c77667674d4b38cfe026580f0ea5d258416eb149f3c84a3f006b
SHA512
c82af1d382a3d2419fe4d1706df1101baa24c9853a5c6419edae60aeb2a11f46eafe1f5037966663b16be2f59d9e439f56f090c983e98166c1dc67fc01b8797c
SSDEEP
384:JCwb7Z4UX62/Sf7U+Fb1f0jQlzHoI0V5QyKgsLILZkM:kw/OK/SHFbmQlsIqsnUlF
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
a37876731f3cfa6b5d2e9bf68391484e_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
SetDIPSHook
startNow
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ