CancelDll
LoadDll
Behavioral task
behavioral1
Sample
0b0e94188480722d0dddf914b08faa8f_JaffaCakes118.dll
Resource
win7-20240729-en
Target
0b0e94188480722d0dddf914b08faa8f_JaffaCakes118
Size
68KB
MD5
0b0e94188480722d0dddf914b08faa8f
SHA1
f5c160acef8aaebe62c419afbe21194bb7a7b29f
SHA256
09dc4b139e723805927d5e273dbeaa7fbec49aa3b44d63a01cd1d952f9bc86a9
SHA512
7059a87a0f8350e4ace693bf25744e4d6a0b0df7142f8ecc17f062f27237dfe6b88a7d8422c6355f30c79cf2fbe93db8d3ead883f106327e44efdabf2de616d4
SSDEEP
1536:OsuX6JN8odmYN6LFeX8+u8IT08VTQq2yifQ65J:1/b8sF60sT6q2yiDJ
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
0b0e94188480722d0dddf914b08faa8f_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
CancelDll
LoadDll
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ