ffdroider | a69cfd4ebd3e783943be08d7ffe8e05a | Triage

Sharing

General

Target

a69cfd4ebd3e783943be08d7ffe8e05a
Size

1.4MB
MD5

a69cfd4ebd3e783943be08d7ffe8e05a
SHA1

cd5eff3cc79f6d3e3739acf4586e787865e3c855
SHA256

2a0106cf867f44e349bdde8116342dbc8fe6c53c75a92328a36d79de5a08aa42
SHA512

0daa916629a66df6ea2ea1422cedf80718b1f207495fc51f91b71266511dd80bc7f6f23695805965d8115627ed472304a6df8d3a0d32e374987a1a8350722ebc
SSDEEP

24576:H8ARmK9XHkry2dvt1JpgPS8VrI+AMXqcjGEDZmGXivQ7TP4pMRR020SVFpFs4:3kK9XHkry2dV1sfJJAEVj17TwpQV0cFL

Score

10^/10

ffdroider

Malware Config

Extracted

Family

ffdroider

C2

http://101.36.107.74

Signatures

Ffdroider family
ffdroider

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a69cfd4ebd3e783943be08d7ffe8e05a

Files

a69cfd4ebd3e783943be08d7ffe8e05a
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE