Slihu
Behavioral task
behavioral1
Sample
0c0c6a7895cb5c434a0f01d39f0fe580_JaffaCakes118.dll
Resource
win7-20240729-en
General
-
Target
0c0c6a7895cb5c434a0f01d39f0fe580_JaffaCakes118
-
Size
203KB
-
MD5
0c0c6a7895cb5c434a0f01d39f0fe580
-
SHA1
d24ef9db6a375211c0e6c05560274f26759dbbf5
-
SHA256
f179b5cb3874f4dab5342ccab403eb368ec9329b95c5b459539bc834a4840512
-
SHA512
530d800a95b4ec78dd64fd9cce05101e324f43c1f267ca48626ff764a959ff05eb1d85506e1ec73ad343bda9591fabc8eeccb833dd93fa373e65399985735acf
-
SSDEEP
3072:wcoKREiwi5zEOdFsgQsOS7DR4ov10ELJt41kcN/5VmSvigRZ8wnZVBtJUmzCWHo8:wcPRHzrSsL7TvHt4Wcxs4JtGcCOoS
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule sample acprotect -
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0c0c6a7895cb5c434a0f01d39f0fe580_JaffaCakes118
Files
-
0c0c6a7895cb5c434a0f01d39f0fe580_JaffaCakes118.dll windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
Sections
UPX0 Size: - Virtual size: 180KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 200KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE