be54c21a47b71b64e1d580534ca1ed6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be54c21a47b71b64e1d580534ca1ed6a_JaffaCakes118
Size

247KB
MD5

be54c21a47b71b64e1d580534ca1ed6a
SHA1

4ccd50adab46c96853d0f406a82147f883f748fd
SHA256

0bef407b90ce9b3ee4536227cedbb782df7fb2cec038cdb6a10a6a8dca8b1ed1
SHA512

b3d0b69407192c3ab2701e015fc6433c7b1aabd8d81966ae93b22312c1392e17c492c5bd7147aaf59e8f5d761f644415316a0a958c54938daeb398ff2b4cc81d
SSDEEP

6144:fS94HfRl0VGsWFQwfclghbPY5D6uilyGDv:fSc+VZGf5hbwuuilyS

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/atomzeit.exe

Files

be54c21a47b71b64e1d580534ca1ed6a_JaffaCakes118
.zip
atomzeit.exe
.exe windows:4 windows x86 arch:x86

c55d58516ab8b94df1945dd02ca3b318

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

Sections

CODE
Size: 207KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manuel_ge.odt
.odt openoffice
manuel_ge.pdf
.pdf
- http://www.paehl.de
server.txt