07e5de5e667498cb656aded888450ded_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07e5de5e667498cb656aded888450ded_JaffaCakes118
Size

287KB
MD5

07e5de5e667498cb656aded888450ded
SHA1

eb9c88916b3e3ed0dd17d7b1afe88c6e50b08c50
SHA256

f47f4fe0a2ca26f51be634ae9a71cee998533cf957d90c7ffd3045fa05b10225
SHA512

5ba99656612b78d595d53c60159467dcc4564170ef10d36b0a89f052696613d05b3a4cd1565fd5d33bf9a59a8ab9163cab3226b272a2700db6cbc2288b387d58
SSDEEP

6144:RUyyoATZ93m5avnkHq3fMKpAUhTCKH52Tq2S3uNRRR5qRD:RU6cP7rfvp9hTRg2bER56D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Debito.Pdf_______________________________________________________________.exe

Files

07e5de5e667498cb656aded888450ded_JaffaCakes118
.zip
Debito.Pdf_______________________________________________________________.exe
.exe windows:4 windows x86 arch:x86

0bca3d073cd6b6d0a43668f14033abbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
FileTimeToLocalFileTime
GetModuleHandleA
SetLastError
GetProcessHeap
GetLogicalDriveStringsW
OpenMutexA
HeapCreate
Sleep
GetStdHandle
CreateNamedPipeW
lstrlenA
DeleteFileA
CreateMailslotA
lstrcmpiA
lstrcmpiA
GetVolumePathNameW
WaitForMultipleObjects
IsValidLocale
GetModuleFileNameA
GetDriveTypeW
lstrcmpiA
lstrcmpiA

scecli

DeltaNotify
SceSysPrep
InitializeChangeNotify
SceOpenPolicy

Sections

.text
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ