zloader | bcb6960b9f204fe1a299e44d011964c3_JaffaCakes118

General

Target

bcb6960b9f204fe1a299e44d011964c3_JaffaCakes118
Size

155KB
MD5

bcb6960b9f204fe1a299e44d011964c3
SHA1

9463ef0923c751223a676fd962d90345edf198ac
SHA256

21587aadce40fc29bdf220e3ad7b63e87f9210dcc3742cf77dc7544438b8db32
SHA512

1b075f1ae357e8d1af4a86c687a674a58991e108b2a7c2d45dda9119bc3d1f111c491176e034266efd741f687e203d4ee91d2a13d3f7ad74a06ebb69cd14dae1
SSDEEP

3072:h35KkzBoJJ9DGW4tJ80rV81TSFtIWzepbhfm4OPdvl7h8iCP:edDGpJ8+V8CtIauh+4udkiC

Score

10^/10

nut 16/02 zloader

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

16/02

C2

https://wewalk.cl/post.php

https://dpack-co.com/post.php

https://dr-mirahmadi.ir/post.php

https://indiaastrologyfoundation.in/post.php

https://metisacademy.ir/post.php

https://lan-samarinda.com/post.php

https://pyouleigorgawimbwans.tk/post.php

Attributes

build_id
351

rc4.plain

rsa_pubkey.plain

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcb6960b9f204fe1a299e44d011964c3_JaffaCakes118

Files

bcb6960b9f204fe1a299e44d011964c3_JaffaCakes118
.dll windows:6 windows x86 arch:x86

04d63da449854a50a06bb1a873497ca1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
CloseHandle
CreateEventW
EnterCriticalSection
SetEvent
SetFilePointer
GetFileAttributesA
GetProcAddress
GetFileAttributesW
CreateFileW
GetConsoleCP

advapi32

RegGetValueW
RegSetValueExW
RegOpenKeyExW
LookupPrivilegeValueW
ConvertSidToStringSidW
FreeSid
RegEnumValueW

user32

InvalidateRect
CopyRect
GetCapture
DestroyIcon
EnableWindow
EqualRect
GetSystemMetrics
InsertMenuItemW
LoadIconA
GetClipCursor
GetCursor
GetMenu
ShowWindow
RegisterClassA

gdi32

CreateDIBitmap
CopyMetaFileA

Sections

.text
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

04d63da449854a50a06bb1a873497ca1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

Sections

.text Size: 135KB - Virtual size: 136KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 11KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 135KB - Virtual size: 136KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 11KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 2KB