fb3d40d2969ae5f7b9bb2b6298963581_JaffaCakes118 | Triage

Sharing

General

Target

fb3d40d2969ae5f7b9bb2b6298963581_JaffaCakes118
Size

1.2MB
MD5

fb3d40d2969ae5f7b9bb2b6298963581
SHA1

b926b405620c6ee5dfcc7536dc197d1f6e4c1093
SHA256

5fa2d320a9309582f3b8d589a6b776b586bf9247af39c831a86b4d5a3ef0f51f
SHA512

a1217dc6db25b396b5f8b111e446c81d2ff5c5e8339e23fc1c66e15a2cfd5024cada2e69c5daf66b31d793586ebe552a3c6a427f2528c8eb35677099c0c732f9
SSDEEP

6144:KE/gzZZ0mSLAkBTsvgYoxBAosUXBQsnJ/vY3ZFbvC2BoaaVAcL7n:K3zZZ0mXWTsoYoxZsUXBQCo3XK3VAcX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/dhl_address_form.exe

Files

fb3d40d2969ae5f7b9bb2b6298963581_JaffaCakes118
.iso
out.iso
.iso
dhl_address_form.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 650KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ