Static task
static1
Behavioral task
behavioral1
Sample
pdf.exe
Resource
win7-20240215-en
General
-
Target
1453c521792d23f1f3a2c47df5b3c3a0_JaffaCakes118
-
Size
413KB
-
MD5
1453c521792d23f1f3a2c47df5b3c3a0
-
SHA1
f3aad7d220c3dfe4f38500cbb4d6da0fa0b22d39
-
SHA256
1546fc1f8e8447a730815af827134ccfd4316eeccdca1912bea7fbce2bfb627d
-
SHA512
add81db3a2b2eb539aafd7b2eb34973111d79bb3e1fa7cb8a351b7193cc61c817d43fffa82201f7586dd823565319cfe81a14f73fac016860ac1eccaf10536ee
-
SSDEEP
12288:N4qJZBnp5caeIrUTqr/9vWtxgs7GNrXqUgIvyquD93SthsOFs:N4qJfpZeKABCNUQRBsEs
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/pdf.exe
Files
-
1453c521792d23f1f3a2c47df5b3c3a0_JaffaCakes118.7z
-
pdf.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 454KB - Virtual size: 453KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 206KB - Virtual size: 205KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ