DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Static task
static1
Behavioral task
behavioral1
Sample
bf4d212598065f8e2c068c58b72393e1_JaffaCakes118.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
bf4d212598065f8e2c068c58b72393e1_JaffaCakes118.dll
Resource
win10v2004-20240802-en
Target
bf4d212598065f8e2c068c58b72393e1_JaffaCakes118
Size
55KB
MD5
bf4d212598065f8e2c068c58b72393e1
SHA1
0ae91f23df6e534473cca21c20c3efc2130fec91
SHA256
85e05a3a998f8bfc70f9c8dd8f320fe33668208c127e05905dc44118598a2d53
SHA512
56d06176681ac9e9a7bee1ea7663ae91bdc13a7be7d1c7607b4ad5c67372778710f5e24b6f47fa040911411a82018a73efa96eb492ca1c341d2ff420c4ac6c35
SSDEEP
1536:n3+oR9MCZ3odteI6NYKOPkVs97Tk7SSgv+pInouy8:nunCZrvwmsJwGSgjout
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
Checks for missing Authenticode signature.
resource |
---|
bf4d212598065f8e2c068c58b72393e1_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE