InitializeNT
LogonNotify
MigrateSystemNT
MigrateUserNT
StartupNotify
Static task: static1
Behavioral task: behavioral1
Sample: 1a50c46b1a0418f833a2933e8a29001b_JaffaCakes118.dll
Resource: debian9-mipsel-20240418-en
Target: 1a50c46b1a0418f833a2933e8a29001b_JaffaCakes118
Size: 157KB
MD5: 1a50c46b1a0418f833a2933e8a29001b
SHA1: df0d35a24d4c9f5c5f49fe8cc8c878cab2464153
SHA256: 6f2979c2de75b3c89321f668a6ebc61a4e380b1d54e365a8772de41f70a0e8ab
SHA512: 68e0e171d3235b045ea06c0de3596f6c58e6379589262893513334ddc30a7e697390ea77697ddca15f830830a9b43148a518b8575efda91f73733ed73e0d1a03
SSDEEP: 3072:2GpDiQ3K348tFbk0FEXcEJORDxlQ9dPeBxqEcrcZs:HieKTtFbkWAcuyDDiPeWEcrc2
Checks for missing Authenticode signature.
Processes:
resource |
---|
1a50c46b1a0418f833a2933e8a29001b_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
_adjust_fdiv
malloc
_initterm
free
rand
??2@YAPAXI@Z
wcsncmp
wcsncpy
??3@YAXPAX@Z
CharPrevW
wsprintfW
CharNextW
RegLoadKeyW
RegUnLoadKeyW
ConvertSidToStringSidW
RegSetKeySecurity
RegDeleteKeyW
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
LookupAccountNameW
AllocateAndInitializeSid
EqualSid
GetSecurityDescriptorOwner
RegGetKeySecurity
OpenProcessToken
OpenThreadToken
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
FreeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
CloseHandle
GetTickCount
CreateFileW
DisableThreadLibraryCalls
CopyFileExW
GetComputerNameW
LocalFree
DeleteFileW
RemoveDirectoryW
lstrcpynW
lstrcmpW
lstrcmpiW
CompareStringW
ReadFile
lstrcpyW
lstrlenW
lstrcatW
GetWindowsDirectoryW
MoveFileExW
GetLastError
GetSystemDirectoryW
GetCurrentProcess
GetCurrentThread
WriteFile
SHCopyKeyW
SHDeleteKeyW
GetDefaultUserProfileDirectoryW
NetWkstaGetInfo
NetApiBufferFree
ord116
ord125
ord92
ord119
ord20
ord121
ord17
ord158
ord163
ord8
ord118
ord160
ord159
ord32
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE