b469621753481e3f9df53e2c42ad950e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b469621753481e3f9df53e2c42ad950e_JaffaCakes118
Size

44KB
MD5

b469621753481e3f9df53e2c42ad950e
SHA1

05509130773d1b34c4d9cb13744d45536df17918
SHA256

33009aecba08306c12990f32e2e17c9da1237844c3a4801bfb856ee8bbacabc0
SHA512

e4d277573dbf3ab9d7fdb8f94ffd6ba5f50a0db30de4f46db905f5e5e0910472d14e783adbb339f2503cd6c3cee4364b0546343121a8b7d917670d21599f88bb
SSDEEP

384:agUgzMT17YMsoUKrP9Uv3723DMsrV31JySnmN7yu4lN995BH:hwT17YP49Uv3kD9DxmN7yDlr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b469621753481e3f9df53e2c42ad950e_JaffaCakes118

Files

b469621753481e3f9df53e2c42ad950e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8ed4ac86fbf5125b4217c5f1aa65a302

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ord721
ord1340
ord1339
ord1338
ord392
ord676
ord283
ord1217
ord450
ord455
ord1225
ord1222
ord1223
ord1140
ord1224
ord516
ord1136
ord614
ord501
ord612
ord211
ord533
ord354
ord355
ord1298
ord474
ord476
ord535
ord477
ord677
ord720
ord719
ord1261
ord1336
ord1318
ord740
ord240
ord826
ord717
ord372
ord362
ord569
ord1258
ord724
ord583
ord829
ord1049
ord872
ord812
ord814
ord616
ord619
ord749
ord753

Exports

Exports

GetHeroAudio

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ