protektet.pdb
Static task
static1
Behavioral task
behavioral1
Sample
10b73bbab9981655ef82258cc2753bd2_JaffaCakes118.dll
Resource
win7-20240729-en
General
Target: 10b73bbab9981655ef82258cc2753bd2_JaffaCakes118
Size: 112KB
MD5: 10b73bbab9981655ef82258cc2753bd2
SHA1: 57028ff2eef24e5aa48d9f2f65f37bc6b4b18531
SHA256: 7a3ca732add1d7874dc09ee3466d90fb91b61e059412f2e343299edf053b58fe
SHA512: c485f4ff927ed0c26f6b4ab81427bcd0b2a3780f947f293624b24369d08028a9e1edd4cd9fa6d114558e56af3f84caf2a184dfb1c55b3c79b2b69a9b22e5cdbe
SSDEEP: 1536:q8KOBk4LjC68xJcD0B6blQ3hToofYa3sGmJ618ePsiv8Cboda7KhWAtJzy:q8l2U7oJ3hTVfYa8Y9PB8Cc0wfzy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 10b73bbab9981655ef82258cc2753bd2_JaffaCakes118
Files
10b73bbab9981655ef82258cc2753bd2_JaffaCakes118.dll windows:4 windows x86 arch:x86
97f1d7e89917e2ac1a61b89e1de78e18
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcAddress
FreeLibrary
FileTimeToSystemTime
GetDateFormatA
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
FormatMessageA
user32
WindowFromPoint
Exports
LookCrypt
Sections
.text Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 321KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ