3394807805cff0a5376a00963db98786_JaffaCakes118

General

Target

3394807805cff0a5376a00963db98786_JaffaCakes118
Size

127KB
MD5

3394807805cff0a5376a00963db98786
SHA1

df20a25420089556dd6cf977a4807ff3f736a7c9
SHA256

780f7f3d913dddb31f68da27b6332818a2e005602a082e9d41a2107809fcfbf0
SHA512

40c9c50767aef6164afd89b05609cc1c33a35ed8ccef242575efdee14b4f6c0cd37ad08427791306816399c721c6fa5edfdba3fd256c77a040656b13b9881fd6
SSDEEP

3072:QhiQmB7rZfj4TieT3hOF/jqKs6666KbyMGjA:Q9mB7r9kiKARLeMG0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3394807805cff0a5376a00963db98786_JaffaCakes118

Files

3394807805cff0a5376a00963db98786_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f004d988b26da9993dd39ed22e23014e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\ConflictingApps\Bin\Release\CAPDelayLauncher.pdb

Imports

user32

GetWindowThreadProcessId
BroadcastSystemMessageA
RegisterWindowMessageA
EnumWindows
SendMessageA
SendMessageTimeoutA

mfc71

ord5491
ord6168
ord4108
ord578
ord781
ord3997
ord2272
ord304
ord310
ord5403
ord2468
ord2131
ord1486
ord6173
ord4109
ord865
ord2292
ord6167
ord2322
ord2469
ord1482
ord1206
ord566
ord757
ord297

msvcr71

__CxxFrameHandler
free
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
__p___initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_splitpath
memset
printf
__p__pgmptr
atoi
_except_handler3
_controlfp
__security_error_handler

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
GetCommandLineA
GetModuleHandleA
Sleep
TerminateProcess
GetCurrentProcessId
GetVersionExA
OpenProcess
CreateProcessA
GetLastError
OutputDebugStringA
CloseHandle
SetLastError
GetShortPathNameA
InitializeCriticalSection

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f004d988b26da9993dd39ed22e23014e

Headers

File Characteristics

PDB Paths

Imports

user32

mfc71

msvcr71

kernel32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 372B

.rsrc Size: 1KB - Virtual size: 1KB

.text Size: 114KB - Virtual size: 116KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 372B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 114KB - Virtual size: 116KB