c0c1604bf89127b5cf6e98beee7ea89a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0c1604bf89127b5cf6e98beee7ea89a_JaffaCakes118
Size

48KB
MD5

c0c1604bf89127b5cf6e98beee7ea89a
SHA1

f42ffe827775295d0aaa3921fcf66fc1eab4fcb3
SHA256

0115fbaaf49122a1b4ee4ae7327e2e058e4ecc00d114bf514c5d649f8d36d342
SHA512

490893aad9766e42ea55a76769f774999fbca7b2e41780d91461f6b9727eb1e266656df6d194af231c9d5b9891b4ae0314500c8ace667405590029c294f867fa
SSDEEP

768:E9nb7aTIZUrSgocgxo+UvF/fUSiB9onJzyfhdsTdP6:E9b7aTIMocCMGf7spP6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0c1604bf89127b5cf6e98beee7ea89a_JaffaCakes118

Files

c0c1604bf89127b5cf6e98beee7ea89a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d0121df1a01854c8516d0c9bba76d7b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ord784
ord892
ord770
ord577
ord151
ord517
ord704
ord815
ord109
ord76
ord534
ord515
ord519
ord50
ord128
ord841
ord336
ord337
ord266
ord475
ord408
ord374
ord183
ord840
ord316
ord319
ord848
ord845
ord846
ord788
ord847
ord361
ord521
ord431
ord351
ord429
ord372
ord239
ord240
ord896
ord334
ord525
ord476
ord879
ord909
ord538
ord542
ord254
ord247
ord395
ord876
ord564
ord435
ord578
ord613
ord432
ord565
ord709

winmm

ord201
ord207
ord186
ord200
ord206
ord195
ord198

Exports

Exports

GetHeroAudio

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ