DllCanUnloadNow
DllGetClassObject
init_ctypes
Behavioral task
behavioral1
Sample
3c83c1b8373b79becf41286ab836868f_JaffaCakes118.dll
Resource
win7-20240903-en
Target
3c83c1b8373b79becf41286ab836868f_JaffaCakes118
Size
30KB
MD5
3c83c1b8373b79becf41286ab836868f
SHA1
79dae0ea4f3aea540c4ef4bfdece9746d7617210
SHA256
b180647b0d93c07ab7e00ff90b60bcdbc7099ce0874a2afedafbc572170c0ac3
SHA512
94a964ebf632f4fe53033b615e5c4a8c747da5c5b4fed34c624a7de3d2d291b23226f4217c5cce0daea83bdc7dbd53a930b17f0d1bed9f213a87f90931a18398
SSDEEP
768:UNR5838E2nA/uogD06kwef9a5Z7qYIMOe1cJZhyJz:458snAmoI0j9f9oR/TOOcq
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
3c83c1b8373b79becf41286ab836868f_JaffaCakes118 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
init_ctypes
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ