StartHook
StopHook
wd_ksHook
wd_tzHook
Behavioral task
behavioral1
Sample
eaec877a78ddbaf2d8f7f59f11f29519_JaffaCakes118.dll
Resource
win7-20240903-en
Target
eaec877a78ddbaf2d8f7f59f11f29519_JaffaCakes118
Size
15KB
MD5
eaec877a78ddbaf2d8f7f59f11f29519
SHA1
832b087188e3a4aa8a279b5d826e790aa867f5a4
SHA256
d0b611b17ef5da71f88364929f352496d248c957e0ad5ff940cd85f90c628a62
SHA512
260dce93fecdcab0a278137638dc63ef9df38b65f8de84c56cca61c48804c59cef253f47eb7c68cdaa70ecf2afcbdffe5b79c5f5554d89df65531185c3538c95
SSDEEP
384:ox6yLWYjxvWyl9C9rYIkjiMjIaNRxaQGjoPn:oxvaYwyWtYIkjKazc9
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
eaec877a78ddbaf2d8f7f59f11f29519_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
StartHook
StopHook
wd_ksHook
wd_tzHook
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ