78984eba8bed983ec7d5e5512956ee21_JaffaCakes118 | Triage

Sharing

General

Target

78984eba8bed983ec7d5e5512956ee21_JaffaCakes118
Size

102KB
MD5

78984eba8bed983ec7d5e5512956ee21
SHA1

06f1ad27b250e4be79e712f423ef716b032d9fdf
SHA256

5685955f0cf5fd4159d32c7238c5fa24097c8104876872f1dae42a2b40f996c3
SHA512

114383c8f7283044aca2238cccbade2904714f2d197fa82a874ad7d0416bba00e178060195ca12950a327149f927e158e8dcfb23072d3cef21fddc60631e55d0
SSDEEP

3072:vmZskrHMIyozgGdSXxi7yNiHQEYS4ykid8g:+LYIbPdSXkWNiwazkz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
78984eba8bed983ec7d5e5512956ee21_JaffaCakes118

Files

78984eba8bed983ec7d5e5512956ee21_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ea06140919f32c20587c3fb275e19875

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Krypton_16.0_SSS\Bin\StubNew.pdb

Imports

ntdll

memset

kernel32

GetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
LocalFree
lstrcpyA
SwitchToThread
LocalAlloc
ExitProcess
WaitForSingleObject

user32

MessageBoxA
GetActiveWindow
MessageBoxW

advapi32

InitializeSecurityDescriptor
RegCloseKey
FreeSid
AllocateAndInitializeSid
RegCreateKeyExA
SetSecurityDescriptorDacl
SetEntriesInAclA

comctl32

InitCommonControlsEx

winmm

mciSendStringA

userenv

GetDefaultUserProfileDirectoryW

winspool.drv

StartPagePrinter
EndPagePrinter
StartDocPrinterA
ord201
ClosePrinter
OpenPrinterA
EndDocPrinter
WritePrinter

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ