07e6fa8947fd6df51e3cee08512efa9d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07e6fa8947fd6df51e3cee08512efa9d_JaffaCakes118
Size

1.5MB
MD5

07e6fa8947fd6df51e3cee08512efa9d
SHA1

86be381d05f30377b269d70fbd1ca3ceee02145d
SHA256

ca6852fb1d627e3948fed5ecfec78cf0a4173dea22199025f3eddcd08ad36213
SHA512

ff0d3d2aa28bc672011d4159ea1c58e30bea1ab728294f75bb40d3c44df2bb07aa6c94b26749ec1c41bf9d2096467ec1cb2c9aa4653c131a25ea3b2c53e96c6a
SSDEEP

49152:zgMAiqtyjWAhbK3nc4x7o95C35DNBpwXQ:hAJySOS7IC355uQ

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9L0-505.exe

Files

07e6fa8947fd6df51e3cee08512efa9d_JaffaCakes118
.zip
9L0-505.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9L0-505pdf.zip
.zip
9L0-505pdf.pdf
.pdf
- http://Pass-Guaranteed.com
- http://domainPass-Guaranteed.com
- http://www.Pass-Guaranteed.com
- http://www.pass-guaranteed.com/bundles.htm
- http://www.pass-guaranteed.com/custom-request.htm
- http://www.pass-guaranteed.com/log.htm