nloader | a469d5403003584e71c5e5bdbfc5d4e4_JaffaCakes118 | Triage

Sharing

General

Target

a469d5403003584e71c5e5bdbfc5d4e4_JaffaCakes118
Size

22KB
MD5

a469d5403003584e71c5e5bdbfc5d4e4
SHA1

adf569be634c8bd03cc1948042499545a1bd1996
SHA256

e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a
SHA512

fabdb31756703f80cf168ee43f47e1538b43e02e4f9ac648c852aa7da3b87add8aaad1a08865ff2d8f2f1e48d4122fe7faf67453924885badad63df8c2f4c15a
SSDEEP

384:cbSEIxxeXVaZEFV+PC1oengot1Snb7iniHdbN8S6:cboclamUwoegIq8s5CS

Score

10^/10

nloader

Malware Config

Signatures

Nloader family
nloader

Nloader payload 1 IoCs

resource	yara_rule
sample	nloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a469d5403003584e71c5e5bdbfc5d4e4_JaffaCakes118

Files

a469d5403003584e71c5e5bdbfc5d4e4_JaffaCakes118
.dll windows:6 windows x86 arch:x86

1f6199c52a5d3ffac2a25f6b3601dd22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

qsort
bsearch

kernel32

VirtualProtect
IsBadReadPtr
LoadLibraryW
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualAlloc
VirtualFree
VirtualQuery
FreeLibrary
GetProcAddress
LoadLibraryExA
LoadLibraryA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ