DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn
Behavioral task
behavioral1
Sample
fd797a814e849b4bd85f721e987530a0_JaffaCakes118.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
fd797a814e849b4bd85f721e987530a0_JaffaCakes118.dll
Resource
win10v2004-20241007-en
Target
fd797a814e849b4bd85f721e987530a0_JaffaCakes118
Size
148KB
MD5
fd797a814e849b4bd85f721e987530a0
SHA1
490c520025aec21f18254e8ea329a39db2b83e66
SHA256
fd7396c4b28c8dc79a31ee6558d14e381180de9d1d8b750a82f94e439f70a21a
SHA512
3e2cc1795a73090cd4b08da42e1e50453e1c282c0e4004485dc2a1eaf792ee06bb68ffb6590a757387f73890db44ba30d5cb4e5e404ee847834a01cef9d010cd
SSDEEP
1536:8l4qmQbmmelfzPPuiHCj/uwd3DiB3AgpXsATaEOO2L:tKDUz+Qwd32B3xpXbOBL
resource | yara_rule |
---|---|
sample | modiloader_stage2 |
Checks for missing Authenticode signature.
resource |
---|
fd797a814e849b4bd85f721e987530a0_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE