revengerat | b63d54e07006ebe38eea37235d32e808_JaffaCakes118 | Triage

Sharing

General

Target

b63d54e07006ebe38eea37235d32e808_JaffaCakes118
Size

468KB
MD5

b63d54e07006ebe38eea37235d32e808
SHA1

33843a516cbb96f43e9474d7163814abdf2b358e
SHA256

21185c3feac1ceee991951fbb24dc1deee4b43b33aa9bb67b62832d3392d003a
SHA512

cf2146727afa578423e35b0c47902233055c6b1e817cf5e2562191d96e1be555111e12149662ba7c78205c1b71b6fa734c378bb870b2c8db945ac2d4d8642e9c
SSDEEP

6144:lKRlfdLQsZ8KRlfddo/arUr4WqivIgAvlc0KZ+YFPi+Y5AYuHGFf4YDybho5F0UF:M1L41UGRGF4YDy5k5+y

Score

10^/10

stealer revengerat

Malware Config

Signatures

RevengeRat Executable 1 IoCs

resource	yara_rule
sample	revengerat

Revengerat family
revengerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b63d54e07006ebe38eea37235d32e808_JaffaCakes118

Files

b63d54e07006ebe38eea37235d32e808_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\FEDERIKO\Documents\Visual Studio 2008\Projects - 2\Server Undetecter\Server Undetecter\obj\Release\Server Undetecter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ