DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn
Behavioral task
behavioral1
Sample
19d761169550c76079dccbb41b188b71_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
19d761169550c76079dccbb41b188b71_JaffaCakes118.dll
Resource
win10v2004-20240508-en
Target
19d761169550c76079dccbb41b188b71_JaffaCakes118
Size
47KB
MD5
19d761169550c76079dccbb41b188b71
SHA1
a5817af5afc5ab11b0c11a7a535cd6d7e1fd9ad6
SHA256
23a35360d0e9ce954240a42bad3db4ff543ab3f5f94aeadf8428087d0e50cb3d
SHA512
23bb53f828dc1c4d07d9f1b2d7c13f1364dc0ca0304f1d2824fc1c164e280f3f7b0c19970d2cdf577746d066917502c3ae6bef6c4db2d34e230f70fcb340dee1
SSDEEP
768:mSFMqQqH/Q0qCBK3plfPzLMh0O/TaNX9P9AnHveddbyc/j:xFMqdH/Q6Ul0j/2NhaKjj
Processes:
resource | yara_rule |
---|---|
sample | modiloader_stage2 |
Checks for missing Authenticode signature.
Processes:
resource |
---|
19d761169550c76079dccbb41b188b71_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ