raccoon | JaffaCakes118_b9cd3b56ade22e2d10cc3884f45882c5358fe046d04fcac06e9321be9f93078f | Triage

Sharing

General

Target

JaffaCakes118_b9cd3b56ade22e2d10cc3884f45882c5358fe046d04fcac06e9321be9f93078f
Size

10.5MB
MD5

babb6a3d8ed926e71f2686cabb28fdc7
SHA1

583d8e57db8e9009c7e0c9e7b21a51f0f0771f81
SHA256

b9cd3b56ade22e2d10cc3884f45882c5358fe046d04fcac06e9321be9f93078f
SHA512

8464e60981a260568f06764aeb0265edfa79d245e81c885e693e42fbb086c8ed325fd3ec1291a8da64005c8c064dae8ccba9b7cfc001d44e56208dad252d8911
SSDEEP

196608:pIAgN2/1FYAAAvLI7L5ixho0BciFKHYqsv1GVnULP7Y76GQoSvifo8:pXdFYR4a8BypAv1enK7Y2G9YiA8

Score

10^/10

raccoon

Malware Config

Signatures

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_b9cd3b56ade22e2d10cc3884f45882c5358fe046d04fcac06e9321be9f93078f

Files

JaffaCakes118_b9cd3b56ade22e2d10cc3884f45882c5358fe046d04fcac06e9321be9f93078f
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.<?3
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Pqy
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2,F
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ