DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn
behavioral task | sample | resource |
---|---|---|
behavioral1 | 2903f4b6acba92891f217a3e6ca43ad7_JaffaCakes118.dll | win7-20240903-en |
behavioral2 | 2903f4b6acba92891f217a3e6ca43ad7_JaffaCakes118.dll | win10v2004-20241007-en |
field | value |
---|---|
Target | 2903f4b6acba92891f217a3e6ca43ad7_JaffaCakes118 |
Size | 55KB |
MD5 | 2903f4b6acba92891f217a3e6ca43ad7 |
SHA1 | 418eaa2d7e20301da7d8c1d02281d576c76320fb |
SHA256 | eed65f63a59452cf74a66a3a9ba2826dd65a098ea3e91b26557ab67fa778145a |
SHA512 | 2e7837949274aa5ac29fb90e92c4f308939a34095259ae058545186757110361180abe4976335386e1abcf20490df47a6131a4f7757c84aed122012a387f265b |
SSDEEP | 1536:BSqPZmQhzvmk7Y1/msB2VeIFDJxDu+NEC9VB0DNygIhNkMbr:LZmIvmNmsklFFxDPEC9VB0DNyHhNPbr |
resource | yara_rule |
---|---|
sample | modiloader_stage2 |
Checks for missing Authenticode signature.
resource |
---|
2903f4b6acba92891f217a3e6ca43ad7_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ