CancelDll
LoadDll
Behavioral task
behavioral1
Sample
bb286e46abf0b0e5c9f18285681ed947_JaffaCakes118.dll
Resource
win7-20240704-en
Target
bb286e46abf0b0e5c9f18285681ed947_JaffaCakes118
Size
48KB
MD5
bb286e46abf0b0e5c9f18285681ed947
SHA1
0e3c9368a04c62b321f204a659ba52b680abc55c
SHA256
62bee6ddd45fb887ddf1a1ebe42ab5a71207bf1189bfabbec77bdaca3a78b27b
SHA512
6b7c86b1ea8a4c688614949669d2bc9a87563ea2c689bf175e9a220eee406d0be3591b5bb523f51cea9c1fe60fb890318af8b75a1c5019d5eb0e35220164788f
SSDEEP
768:FPUwXWaTfRELlWCn2t5hC7vnzRonSyBZNsYFVIF8BhtiluuWmBh:hXGa7ReQCn2tWRRyhxkuwpnBh
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
bb286e46abf0b0e5c9f18285681ed947_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ