qakbot | 74d159eb1ae329514921169b91c5d981_JaffaCakes118 | Triage

Sharing

General

Target

74d159eb1ae329514921169b91c5d981_JaffaCakes118
Size

419KB
MD5

74d159eb1ae329514921169b91c5d981
SHA1

a5f36ba6bfcf174c8f55ad028393d6fd77b4a150
SHA256

f17ea31fac5f0adae35789ed4305f0405428ce2356ce8679bd18cd66aaf520b1
SHA512

747a622148654d91d3ce5ea629886579460fcd6d8d113f6e46693ac20968a3678b3418e75024f7bb364ee000e856afee692548c6db874ac68402ea9fb0fcd8f7
SSDEEP

3072:rNMgX2j0uWr/zHTWP2nrHYAAR5KU1LIc2XFX93gKpBV4kK0BRvTJaUVfO/xxzFBv:amJuKHE4rHYA88U18c21Wg/aU0bF7p

Score

10^/10

qakbot

Malware Config

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74d159eb1ae329514921169b91c5d981_JaffaCakes118

Files

74d159eb1ae329514921169b91c5d981_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE