gandcrab | 3230b8115768c89399a7231608919ed5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3230b8115768c89399a7231608919ed5_JaffaCakes118
Size

75KB
MD5

3230b8115768c89399a7231608919ed5
SHA1

1562f2ed982e3e9616333942c251729ecc0e6742
SHA256

9580e220d533d5777f3fbfd726d88084cb07b3f4a56d01f3cc7a07652ec10a31
SHA512

61452e3a875b3958ec7b3e7805f3cedfc06de207231e655ab86e707eeed68ce2905a2d485717cc960b80771fddaaed9f5e6d71a55f82214b2f7e6a4ad5a60d39
SSDEEP

1536:DZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngh0yMqqU+2bbbAV2/S2Ovvf:yd5BJ6rMqqDL2/Ovvdrx

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3230b8115768c89399a7231608919ed5_JaffaCakes118

Files

3230b8115768c89399a7231608919ed5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_ReflectiveLoader@0

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ap0x
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE