Static task
static1
Behavioral task
behavioral1
Sample
DANNIK Ltd._New emri,pdf.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
DANNIK Ltd._New emri,pdf.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_bbca37177feac0ce7b1c0597f9ca3a56df516153713caa7621ef0ca02961572c
-
Size
568KB
-
MD5
1e4157aa08719efa511b0f1c44c5bec0
-
SHA1
fbdbc8a2fe40423e4a9634913b412f430662a4ea
-
SHA256
bbca37177feac0ce7b1c0597f9ca3a56df516153713caa7621ef0ca02961572c
-
SHA512
fad6248c2131c473f7d4f6a6abccd39d42a50dd461100f6a314fd0945acc72c18fe4ce62283383d09e8fc2b01ef66a37cc23aac6e0b540521676817e39ce78d9
-
SSDEEP
12288:F8B2yzhBGv1Re8EI0XwuH6w2CkjUUfVxq5meeKu9+6ousUmj:F8Qy1BGv1T9CtkoUfH7Oy++pA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack003/DANNIK Ltd._New emri,pdf.exe
Files
-
JaffaCakes118_bbca37177feac0ce7b1c0597f9ca3a56df516153713caa7621ef0ca02961572c.zip
Password: infected
-
9b20e7c2b0172d86b2cd8ba4aff22a35e726583d31ecc798c275a872ddd6d8ef.iso
-
out.iso.iso
-
DANNIK Ltd._New emri,pdf.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 595KB - Virtual size: 595KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 64B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 403KB - Virtual size: 403KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ