JaffaCakes118_d27835b1982006dd6b5e51c6c3887ac1 | Triage

Sharing

General

Target

JaffaCakes118_d27835b1982006dd6b5e51c6c3887ac1
Size

76KB
MD5

d27835b1982006dd6b5e51c6c3887ac1
SHA1

477bb00ca1e2f3b5771ddc39f4213e5565b97295
SHA256

106687482c193e1bd6ac34f13fc1f0595fccf7abcb8e9b4847ec9634fc8babf0
SHA512

c62350623f9a3746541c62cadf8da86d701d41f03ac805f92207833a74526a49606acde41735eaef96be1f169d5ce51ffd9dfbf26f50e25550ed5a2f78cf13f9
SSDEEP

1536:ZfaLvddHHefjpN3AHnvJ6XaHrUis11pwcZOLMc5/5bZj2Fhpi1gbR8N0x0c:8vDHHefrAHnvsaois11bZOYE5ZjuprOQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SP-Shipping documents (draft) last revised -10-19-2021 INV-OBL.exe

Files

JaffaCakes118_d27835b1982006dd6b5e51c6c3887ac1
.eml
SP-Shipping documents (draft) last revised -10-19-2021 INV-OBL.lzh
.lzh
SP-Shipping documents (draft) last revised -10-19-2021 INV-OBL.exe
.exe windows:4 windows x86 arch:x86

c066fd18a2f081783eedb8829532eed4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord583
ord690
MethCallEngine
ord514
ord515
ord554
ord557
ord666
ord667
ord592
ord593
ord594
ord596
ord598
ord703
ord704
ord705
EVENT_SINK_AddRef
ord528
ord529
ord562
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord716
ord609
ord535
ord536
ord539
ord648
ord680
ord100
ord611
ord612
ord541

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-1.txt