azorult | JaffaCakes118_3b745b2dd229bd0115a2a013fc6ae1623c003299827e879de22e41cb4112c21a

General

Target

JaffaCakes118_3b745b2dd229bd0115a2a013fc6ae1623c003299827e879de22e41cb4112c21a
Size

60KB
MD5

85192a9accd8201cbaf84afdd523305a
SHA1

49a6d6701b2a2c7483db261bb45bcb3b81a50592
SHA256

3b745b2dd229bd0115a2a013fc6ae1623c003299827e879de22e41cb4112c21a
SHA512

b7d9e7d40ccf5181bdbba07c36fcd181235ff415c17f63b473b0930656a35a05b68b6ab6696800cc311d568f0a80e3d266b91d362aed6c426255a03a7a3565e1
SSDEEP

1536:xHUTKyE4xKrR1JFTG/R/nJeEoNX1G03Tv4d7KYwlS:xHiKH1F49nJeEoXGoTgd7KVS

Score

10^/10

azorult

Family

azorult

C2

https://suspam.com/index.php

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/abd6c1f331de27aff1e2bbc3e79856aa66e13f36ea2f0fc3cd81b914b4779077

JaffaCakes118_3b745b2dd229bd0115a2a013fc6ae1623c003299827e879de22e41cb4112c21a
.zip

Password: infected
abd6c1f331de27aff1e2bbc3e79856aa66e13f36ea2f0fc3cd81b914b4779077
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ