VDMEnumTaskWOWEx
VDMTerminateTaskWOW
WSPStartup
Behavioral task
behavioral1
Sample
0464b790a17e3c18c753b64ce99b8043_JaffaCakes118.dll
Resource
win7-20240903-en
Target
0464b790a17e3c18c753b64ce99b8043_JaffaCakes118
Size
7KB
MD5
0464b790a17e3c18c753b64ce99b8043
SHA1
a22a8a24b17e93b355e4539af0c3f79df84aaf6c
SHA256
bae42665a040d6fa37729338879baa09e638ecf62993e2e812a5c9d4d57f2fdf
SHA512
a457f5a10930fc8357be29f73bc589ddd7156ba4a32fe9a2dfc558efa4090f3e9487e1842d35d10373ae3f66cebcfdc0d39f4dfdf01aff878d2ee0af819cb6b7
SSDEEP
192:OJK3VhSuBMc+7+8nJ2JCt8NnO5zpcv5Cv6gi+Q8A:KHl7+2wJYsuSxCSY
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
0464b790a17e3c18c753b64ce99b8043_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
VDMEnumTaskWOWEx
VDMTerminateTaskWOW
WSPStartup
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ