Static task: static1
Behavioral task: behavioral1
Sample: 00dd869000912b8826292cdfabf63e25_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 00dd869000912b8826292cdfabf63e25_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 00dd869000912b8826292cdfabf63e25_JaffaCakes118
Size: 160KB
MD5: 00dd869000912b8826292cdfabf63e25
SHA1: 91f6f70f0dbb6765dce733182f941ff3d1fe9d3d
SHA256: ac9ea7a7a28d07390634b9d76fad147067918871bbe77fde7b7367fd49b5e7b0
SHA512: 902594521f87cc4a901d8ca001bdba13a0e2b2e45fcaa21cab682b88928ce9e7acd9f51acf0a07b7740129e4cb94549bdde3ac99dab4121246d1988901bdbb9c
SSDEEP: 3072:kjVlWaqGEd2hXCM+koemVMmqJ56ScwJFgdxpvY+xaqqfqjU:qVlWJGEmkkoVIf6UJFYw+xaq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 00dd869000912b8826292cdfabf63e25_JaffaCakes118
Files
00dd869000912b8826292cdfabf63e25_JaffaCakes118.exe windows:4 windows x86 arch:x86
b13bbc26e069d2d796410c3f37b246ed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcmpiW
DefineDosDeviceA
WritePrivateProfileStringW
DeleteFileW
DuplicateHandle
LocalUnlock
SetEnvironmentVariableW
CreateNamedPipeW
SetConsoleMode
user32
DdeSetQualityOfService
SetMenuItemInfoW
DdeUnaccessData
KillTimer
DdePostAdvise
SetUserObjectInformationA
gdi32
GetColorAdjustment
RoundRect
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 606B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data0 Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE