_LOADLIBRARY_DUMMY
_RunAs@16
Behavioral task
behavioral1
Sample
ffd814b82d8ffaaaef3365ccae407a40_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ffd814b82d8ffaaaef3365ccae407a40_JaffaCakes118.dll
Resource
win10v2004-20240802-en
Target
ffd814b82d8ffaaaef3365ccae407a40_JaffaCakes118
Size
35KB
MD5
ffd814b82d8ffaaaef3365ccae407a40
SHA1
49237fd0255e059eb7659df525972d19e0e72d8a
SHA256
68af9510eb8ffcf9ef358fde1db461c1dd62ec852794a99f3b90845594f9012d
SHA512
33a25745912f23e67b8c44d3bff384e4bc1e21230b081559360443fe44bb7d08c917bee3dfae7cf14d4f61b0be16a92f9e0f4e1c708510b523a43a2996d0735b
SSDEEP
768:Ngpl78b0onCNKHt9imfPrUoC7jJeZGj54n2Hf/kFG9:NAl78jCNKN0mn9qQGj542Hf8FG9
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
ffd814b82d8ffaaaef3365ccae407a40_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_LOADLIBRARY_DUMMY
_RunAs@16
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ