471ae466386cf7a1735a167361cb6324_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

471ae466386cf7a1735a167361cb6324_JaffaCakes118
Size

647KB
MD5

471ae466386cf7a1735a167361cb6324
SHA1

ee43436409533a8d23f57184d93ac9a8dd350287
SHA256

752d285dc19f30b8c5d0e01802bb29405e1096c3fca4d866b8532691b36e01bb
SHA512

39b442009faec585c3e7fe7ce6f69a2f61fd88eed75dc2134e825fa4768a17239f732ee61a118e59c2c7a530da21a5d8db32b3875737b57b1e33848ff5115044
SSDEEP

12288:u1rrh5NETWB0DSb57zjjwOLPlR5A2MkOB2ngKqrV5frdDhc1UmI:SrhAS2DSJjjtPlfxKf1XfrRa16

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SecurePDF-Viewer-2018.exe

Files

471ae466386cf7a1735a167361cb6324_JaffaCakes118
.zip
SecurePDF-Kunden-NR-9363245706851510.spdf
SecurePDF-Viewer-2018.exe
.exe windows:5 windows x86 arch:x86

3ed94892dea29333356ce1e3b010b6d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ctl3d32

Ctl3dCtlColor
Ctl3dEnabled

kernel32

GetCurrentThread
GetProcAddress
SleepEx
WriteFile
OpenJobObjectW
GetModuleHandleA
CreateFileMappingA
CreateProcessA
CreateFileMappingA
OpenWaitableTimerW
GetVersionExW
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
GetExpandedNameW

odbctrac

TraceSQLFetch
TraceSQLCancel
TraceSQLConnect

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_EXECUTE

.udata
Size: 626KB - Virtual size: 626KB

IMAGE_SCN_MEM_WRITE

.rcrs
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ