azorult | JaffaCakes118_d52e244413d7948b2cffc299689a5a45e76e8af72535f14d9e791c4c1dab0fe8

General

Target

JaffaCakes118_d52e244413d7948b2cffc299689a5a45e76e8af72535f14d9e791c4c1dab0fe8
Size

60KB
MD5

88be1d7ef7481764017c9782acd415c2
SHA1

effb9b5a1193804c59d6d5aac88cf2ab63936aff
SHA256

d52e244413d7948b2cffc299689a5a45e76e8af72535f14d9e791c4c1dab0fe8
SHA512

f40c2294145b49cedba021148e4032386d502e428c63812e5f8ea96323813d7a54b2d5f86e410b82c493509c251261c097eae2927c0fe92f79638d44ecc98d76
SSDEEP

1536:VvnXKxFHU7IRnl+AJHjY7UWeWvWb2aH9VY9K1J/WQo2effUs:Jn6xF0ERl+AlY7Uqe2no/Nxeks

Score

10^/10

azorult

Family

azorult

C2

http://195.245.112.115/index.php

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a5a0bd3056d9b18fd5f39002b7bc0e56281ce15fcd1fdb4db8dd6b10d280305b

JaffaCakes118_d52e244413d7948b2cffc299689a5a45e76e8af72535f14d9e791c4c1dab0fe8
.zip

Password: infected
a5a0bd3056d9b18fd5f39002b7bc0e56281ce15fcd1fdb4db8dd6b10d280305b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ