raccoon | JaffaCakes118_ddf39d79e92eeea4e7109fba4c6298a270b78857d124ebea35d637bcf2edc61a | Triage

Sharing

General

Target

JaffaCakes118_ddf39d79e92eeea4e7109fba4c6298a270b78857d124ebea35d637bcf2edc61a
Size

9.5MB
MD5

5f8e32531c6f5c5172f9b92469d3a766
SHA1

a5f6db028303bebb3d6eea7061bf9b29bab3a338
SHA256

ddf39d79e92eeea4e7109fba4c6298a270b78857d124ebea35d637bcf2edc61a
SHA512

ce1735f3be9c3a969a87c836f5207a94c1db023a83b8aabbd2d0f5b91570e1b8868e81e903f49bb12da2bf3a8a25445a6fcc013e348119173c05975f4eccb1e3
SSDEEP

196608:2yry+I6LR7fapR0tiPlIw2gCKYMZbocA4xKW2Q61OlRkn3BPT9qKW4ONlk1zA2ik:2yG0700tiPCwGKjbocA4oPQ61MRkRPDj

Score

10^/10

raccoon

Malware Config

Signatures

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_ddf39d79e92eeea4e7109fba4c6298a270b78857d124ebea35d637bcf2edc61a

Files

JaffaCakes118_ddf39d79e92eeea4e7109fba4c6298a270b78857d124ebea35d637bcf2edc61a
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JP/
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.)8^
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.L%o
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ