jksHook
jtzHook
Behavioral task
behavioral1
Sample
ae8a264f49b9f9d12266c7f3c5108a8c_JaffaCakes118.dll
Resource
win7-20240705-en
Target
ae8a264f49b9f9d12266c7f3c5108a8c_JaffaCakes118
Size
20KB
MD5
ae8a264f49b9f9d12266c7f3c5108a8c
SHA1
3ecafa91bc9c78c2eecb544c104c2d11b9e9e018
SHA256
b2bf5c60423ab71dc214f2e017a71a6e784a7fd080738db24e6375f70dbdf807
SHA512
344ebfddbb3334a28e6bd3ac1a3a7877a1fb073955495f0cac025ba04cbf69f671ef212c5be53e8f081787ed398ee13240e6a64660a46ac6e0ced62ccb2a5769
SSDEEP
384:BeuCOZFJ6pRbPo+pmNF5u3ZOJR2shbsi94RyiGDGHCmy4K4fc+ssjsm:Be+D6p2+pmNuVMERAKyR4Pv
Detects a file protected with ACProtect, an executable packer/protector.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for a missing Authenticode signature; the resources listed below were flagged as unsigned.
resource |
---|
ae8a264f49b9f9d12266c7f3c5108a8c_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
jksHook
jtzHook
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ