CancelDll
LoadDll
Behavioral task
behavioral1
Sample
fc067a763192000b6b12a71253c5c118_JaffaCakes118.dll
Resource
win7-20240903-en
Target
fc067a763192000b6b12a71253c5c118_JaffaCakes118
Size
72KB
MD5
fc067a763192000b6b12a71253c5c118
SHA1
f5fe7e62def0b0eaa49c1ec2278a86e1545cf4ce
SHA256
ced26fae03636763f59fadcf0e467c6982b254731476a98dfdbf64811f4241ea
SHA512
424f67667e2ca0559fd322dff6f25f646f25c37f71336db4960aa57c9282b2b1bfac822c7058f360777cff94eb7631d74acf953fda463c5bb1a45d51ac12d965
SSDEEP
1536:Z6yEOWXF+4YGLnPyOW2aHBc18NnkfYYn26xalaM3dvwTzir3sF:Qc3xGLnqOCBG8xkQYnDolT3qfirE
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
fc067a763192000b6b12a71253c5c118_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ