buer | d91559ae45b8f9bc903d27703211b119_JaffaCakes118 | Triage

Sharing

General

Target

d91559ae45b8f9bc903d27703211b119_JaffaCakes118
Size

31KB
MD5

d91559ae45b8f9bc903d27703211b119
SHA1

f1b02bf6d06cfba37bfea3a5fdc0664cd7b8b91a
SHA256

b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e
SHA512

3b048d58c7024a7d0ca78b0ffc2ec066bb4712082f8f33fd1aa853fc0ba37d207825be8517e57f548852c6bc2681a16196f7ddfd0dd792d2cb69a21afaa564af
SSDEEP

768:4R+ulCa/bIJlC2tsR/xRYDV31iVYiuyfF8s:4RtF/ohsR5ahT

Score

10^/10

loader buer

Malware Config

Extracted

Family

buer

C2

https://java-stat.com/

https://installerr.pw/

Signatures

Buer Loader 1 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
sample	buer

Buer family
buer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d91559ae45b8f9bc903d27703211b119_JaffaCakes118

Files

d91559ae45b8f9bc903d27703211b119_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bbbcb3d0d8904a4dcc2ee78920bd4d96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

towlower
iswctype
strlen
strtoul
strncmp
strstr
strchr
_chkstk
wcscmp
wcslen
wcscpy
_allmul
memset

kernel32

HeapAlloc
GetTickCount
GetProcessHeap
HeapSize
HeapFree

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ