COMResModuleInstance
JUFndB4pARSJ
QSTdR8vtujTSKh
dP5yRxpb
Behavioral task
behavioral1
Sample
d5538047909d46430632d4b8481f8cd6_JaffaCakes118.dll
Resource
win7-20240903-en
Target
d5538047909d46430632d4b8481f8cd6_JaffaCakes118
Size
17KB
MD5
d5538047909d46430632d4b8481f8cd6
SHA1
0d934ab4292c4cd5b1d6af3e36e53e35396e593d
SHA256
81aff2d815f5585da9ce5926339c5ab67a7f89196c41fbfc37490a4f0e6ca855
SHA512
062fff03e87762b82b3fed603318c88fd79b241c0626aacd1e1e1fdab886ef067ccf3e4eb677f17c06e28e0f3e9cd004c4d0733443c2f0b2d18f152638885a3e
SSDEEP
384:PENJ2r7Im/8qVMsRFffj8ixD1cyToIV4ociFJhoH42oJEgs:cNJZmkQz869UIVH3jrs
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
d5538047909d46430632d4b8481f8cd6_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
COMResModuleInstance
JUFndB4pARSJ
QSTdR8vtujTSKh
dP5yRxpb
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ