DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Behavioral task
behavioral1
Sample
fb256e6d9011314a6063fe3d1c19036b_JaffaCakes118.dll
Resource
win7-20240903-en
Target
fb256e6d9011314a6063fe3d1c19036b_JaffaCakes118
Size
190KB
MD5
fb256e6d9011314a6063fe3d1c19036b
SHA1
dc1e8d30dd8543dbca7fd7b44f9ab12ca1eb5f90
SHA256
36a5d30ed1824e0808018bf5af2a2ab1733b00e1d91b47971fe9e47098b9dd8e
SHA512
92154c50e3e316981d641a262a9ce9e5314f131fa6dc5ddeafa48ff7f0e254617403635fa4ae7f402730ac8ed5cb97983f6467fb7785107ac7d2a8d0542a7bb5
SSDEEP
3072:md6EEWk7rLDceaxDjeDc03aL2jpTPncJ/fMs0kX4BjmWuIK/YuEwZdlPOFcNP+i:CWHL4eWjeg0qGpzA/UdpS3IxuE4uc5
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
fb256e6d9011314a6063fe3d1c19036b_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ