field | value |
---|---|
Behavioral task | behavioral1 |
Sample | 1b5ca0a2cfed0da837df1277a63d758f_JaffaCakes118.dll |
Resource | win7-20240221-en |
Target | 1b5ca0a2cfed0da837df1277a63d758f_JaffaCakes118 |
Size | 1.4MB |
MD5 | 1b5ca0a2cfed0da837df1277a63d758f |
SHA1 | 981db769c134265112dda0cf442d00abf2269f8b |
SHA256 | dc8638e20db945a7b88d9c618ee2a7053ba95f2c5f40259cb2c299c4564529e7 |
SHA512 | b501983f7574ef85ee3be8b16fb60b1ded40267bbb511e7cd2c557057f7789ce46a460462149949f907239d97c033073354f063e67b4d54cb9a5dfadbb45484b |
SSDEEP | 24576:BD44VC2/ajaqI7Y/icfB+dfw4oSAmEi9lgOpoqNK4pe60xlMKx1rrmsnS0uLxSU0:Z44/kax0BfOllXLlgoK4ped3dx1vmsn9 |
Processes:
resource | yara_rule |
---|---|
sample | themida |
Checks for missing Authenticode signature.
Processes:
resource |
---|
1b5ca0a2cfed0da837df1277a63d758f_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PlugintothefailureInstallHook
UnAPIHook
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE