454792c60b73a887732a96b246476565_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

454792c60b73a887732a96b246476565_JaffaCakes118
Size

116KB
MD5

454792c60b73a887732a96b246476565
SHA1

9aec1eaf475ef23a2bd0cd9a79713170853b31f1
SHA256

d6b353d0740e9f9f00f11a9903cab66674c6c699538b8ceee59be8155536da0d
SHA512

f7775940e4b78801b2991f4713fffe06c089d1dcc14f0f35dd5bce357e5e068c1eeb7a5b4a2c22964e24b2789a92b0422412ef80a7af845ddca22533ba991dff
SSDEEP

3072:CG/m+jPghg+CXUcb3bu95M2NCRDqtH5DOuwI3d:CGUCEc4GRDAHz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
454792c60b73a887732a96b246476565_JaffaCakes118

Files

454792c60b73a887732a96b246476565_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cca1c3d9e4329d363d8f2a28ab6f6089

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

protektet.pdb

Imports

kernel32

SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcAddress
InterlockedCompareExchange
FileTimeToSystemTime
GetDateFormatW
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
FormatMessageW
Sleep
FreeLibrary
InterlockedExchange

user32

WindowFromPoint

advapi32

DeregisterEventSource
OpenBackupEventLogA

Exports

Exports

LookCrypt

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ