buer | d0c228e4d8cc9a29f6073be657ebe2f2_JaffaCakes118 | Triage

Sharing

General

Target

d0c228e4d8cc9a29f6073be657ebe2f2_JaffaCakes118
Size

31KB
MD5

d0c228e4d8cc9a29f6073be657ebe2f2
SHA1

4d307f43584f67a0522838fcbf5824203281bf24
SHA256

28b1df5f4fc3b60bc9045270f254c86624d6f85e7aa5c7322943aed04d65fefa
SHA512

97c0a1770871b2d45ad8102c083fdac4bde9b7cfacf0955894bd53546865ac66431f8380ec72f01a545b76142dc350ec0f4cc392561a5152d351ac51da9eea63
SSDEEP

768:MSIIxTy+l7u0wF2kO5lk9jquiNDY6aQUDq:MSpPtwF2kOjM/3S3

Score

10^/10

loader buer

Malware Config

Extracted

Family

buer

Signatures

Buer Loader 1 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
sample	buer

Buer family
buer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0c228e4d8cc9a29f6073be657ebe2f2_JaffaCakes118

Files

d0c228e4d8cc9a29f6073be657ebe2f2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bbbcb3d0d8904a4dcc2ee78920bd4d96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

towlower
iswctype
strlen
strtoul
strncmp
strstr
strchr
_chkstk
wcscmp
wcslen
wcscpy
_allmul
memset

kernel32

HeapAlloc
GetTickCount
GetProcessHeap
HeapSize
HeapFree

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ