Behavioral task
behavioral1
Sample
1bcec718af0a440fbd1a3a6b3e469d2d_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1bcec718af0a440fbd1a3a6b3e469d2d_JaffaCakes118.dll
Resource
win10v2004-20240226-en
Target
1bcec718af0a440fbd1a3a6b3e469d2d_JaffaCakes118
Size
24KB
MD5
1bcec718af0a440fbd1a3a6b3e469d2d
SHA1
a36d5e5455e9e53c801218d4a620ec565733e43b
SHA256
f9beace651c9d149c0b209552873555dbc2d5c65bbfacf51c54353cd5ab304ef
SHA512
e535b9911a47a1f3501e0acfe5abf350f4d796af8190a91dbd4bb5354c9d4bec79aa46b4ed4d799c81a85ddefa66243047205cdd9cfb985c310950bc10b8e458
SSDEEP
384:9eylxz0C5wDqd+1r7QK312jdWyU51v1OQXeiDpFXV02uGtWBa+atFU:9YC5KqdSfQeERmTv1RFDp1Vx+q
Processes:
| resource | yara_rule |
|---|---|
| sample | modiloader_stage2 |
Checks for missing Authenticode signature.
Processes:
resource |
---|
1bcec718af0a440fbd1a3a6b3e469d2d_JaffaCakes118 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
StartHook
StopHook
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ