azorult | JaffaCakes118_5d172277c4ad1ef6641e495917ca9d31080016847c56df3a3bac486f5e150e8f

General

Target

JaffaCakes118_5d172277c4ad1ef6641e495917ca9d31080016847c56df3a3bac486f5e150e8f
Size

60KB
MD5

ce0bd9471767144250435d4de4dcaa79
SHA1

1175790a33f3f63571a029f187fd0c49618b33bf
SHA256

5d172277c4ad1ef6641e495917ca9d31080016847c56df3a3bac486f5e150e8f
SHA512

077d79823ad258eb406310405d94e8b799ad31304962516ae5371d8c0ab22b94638dedd790f5b844003212f867868ac30344c286d870d2d33857c3bf0186150b
SSDEEP

1536:uHUTKyE4xKrR1JFTG/R/nJeEoNX1G03l4Ugp2NPfVqghsqG:uHiKH1F49nJeEoXGoxgpY9fhsqG

Score

10^/10

azorult

Family

azorult

C2

http://fastinvestmentbroker.com/frank/index.php

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/698c71dfff3a76279617638fa1c69d4b562484409434c63250ebb706f31318de

JaffaCakes118_5d172277c4ad1ef6641e495917ca9d31080016847c56df3a3bac486f5e150e8f
.zip

Password: infected
698c71dfff3a76279617638fa1c69d4b562484409434c63250ebb706f31318de
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ