JaffaCakes118_8af31cc4f0936dcb289eb4474a4c14b05d6f62407e08964b293d3c3a3441d556

Sharing

Target

JaffaCakes118_8af31cc4f0936dcb289eb4474a4c14b05d6f62407e08964b293d3c3a3441d556
Size

667KB
MD5

321a97cc27239cc54aac2760196a7ccc
SHA1

f4a3cbfb28db41dedc88183166817bed3357850a
SHA256

8af31cc4f0936dcb289eb4474a4c14b05d6f62407e08964b293d3c3a3441d556
SHA512

ffb6d7a7252e523331ea6738414798a61aef6cae925b842a04284dc129fc6446e828518e58c7e44bd90f082a69afaa64954b44a667f3550c51a4a9f82569190e
SSDEEP

12288:AsroJSSqxUoJFpo0V2Q0vGhiiFJj1Hznt3Rc/uwiHa26dNljzmwAFOb5cg2n:jroUtpobQ0IiajRDt3SViHzcNljpplcf

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/INV-7182234 PDF.exe

JaffaCakes118_8af31cc4f0936dcb289eb4474a4c14b05d6f62407e08964b293d3c3a3441d556
.zip

Password: infected
RE_ Invoice INV-7182234.eml
.eml
- https://webmail.floorscapes.in/cpsess4193045875/3rdparty/roundcube/#NOP
INV-7182234 PDF.iso
.iso
INV-7182234 PDF.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purchase order 76353 ALtan.zip
.zip
Purchase order 76353 ALtan.lnk
.lnk
email-html-2.txt
.html
email-plain-1.txt