JaffaCakes118_300472db329878e80d55f734d56349cb | Triage

Sharing

General

Target

JaffaCakes118_300472db329878e80d55f734d56349cb
Size

77KB
MD5

300472db329878e80d55f734d56349cb
SHA1

a8231c35c419a4eeecaef40e911c50c0abca3166
SHA256

1185cc573b94a0c8fe2b032356de723afed807f6568f15a31fbd18b05b260152
SHA512

885b32d3f44e1a351fafbacfcb6e2e0a104453fb16d1ec51789ee98439771663cb1445a41c15b9347b2bdfc117d59a5b623d30e335cdb14432860c6470fbc54d
SSDEEP

1536:N3kf8wcXYGYdshq/dYPCwc1AEKX/JiZYA2uuXyHaPpE4SmWu:N3+coGYd6q/dYPTc1AE8iYA2JjpE4nWu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/PROFORMA INV BTI39405059_PDF.exe

Files

JaffaCakes118_300472db329878e80d55f734d56349cb
.eml
attachment-2
.lzh
PROFORMA INV BTI39405059_PDF.exe
.exe windows:4 windows x86 arch:x86

c066fd18a2f081783eedb8829532eed4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord583
ord690
MethCallEngine
ord514
ord515
ord554
ord557
ord666
ord667
ord592
ord593
ord594
ord596
ord598
ord703
ord704
ord705
EVENT_SINK_AddRef
ord528
ord529
ord562
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord716
ord609
ord535
ord536
ord539
ord648
ord680
ord100
ord611
ord612
ord541

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-1.txt