db3b3a8ef79b01cb75f23707aae4d38c_JaffaCakes118

Sharing

Target

db3b3a8ef79b01cb75f23707aae4d38c_JaffaCakes118
Size

943KB
MD5

db3b3a8ef79b01cb75f23707aae4d38c
SHA1

66625dabb8a7453837f767ece827d54fddd2147a
SHA256

149efb087193ee312d9a4e365fdb49774423eccf19e4c34eb77ff9538ae78cdd
SHA512

17f532c841010b201b950f5b6994c69623dc99b89e8a36573573c64ae5f3ba5b652b4f81d9e2f0a8efcb9ab660c6ad4fc8ba77aceb5e7abf2273106182d1a248
SSDEEP

24576:BWmn29ybW+zUL8y0IQiI5p5jITpUEWIAHIYrYB29nHpM:sEbpzULGvIRWuKYBWM

Score

3^/10

pdf link

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/INV_1210200000000000000912.exe

db3b3a8ef79b01cb75f23707aae4d38c_JaffaCakes118
.eml
AMMR000458883.pdf
.pdf
- https://mybill.dhl.com/hawb/ext/DHL%20JO/DHL%20Operations%20BV%20%28Jordan%29%20Services/IBS%2B/AMMR000458883/4055023766/
- http://dhl.com
INV_1210200000000000000912.cab
.cab
INV_1210200000000000000912.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 558KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b21a3000.png
.png
email-html-2.txt
.html
email-plain-1.txt