raccoon | JaffaCakes118_e6796d00380db121e97b17e6c76bde23553ff2a8e4c211d0f23ff3b979686df8 | Triage

Sharing

General

Target

JaffaCakes118_e6796d00380db121e97b17e6c76bde23553ff2a8e4c211d0f23ff3b979686df8
Size

9.8MB
MD5

7319a30e55d4d2180ec5d03101acc5ea
SHA1

7fa9a9433e71a24cd1e081edfa2c60411bc09236
SHA256

e6796d00380db121e97b17e6c76bde23553ff2a8e4c211d0f23ff3b979686df8
SHA512

268effacb21564cd27665ce1088cce4b4d342034ddcc858c821244cc6159a8acb329dc46c7471e5c56541f0981f0a165d0512ea22e522cbba62890020eeacd85
SSDEEP

196608:SqV2VvnaEy5f0bCXum4SZ5/7UGCZk/6WnLdviY4wAk+u5NelgmVb:SX5n6F0brm4SZaGCRUhvi/mQlgmp

Score

10^/10

raccoon

Malware Config

Signatures

Raccoon family
raccoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e6796d00380db121e97b17e6c76bde23553ff2a8e4c211d0f23ff3b979686df8

Files

JaffaCakes118_e6796d00380db121e97b17e6c76bde23553ff2a8e4c211d0f23ff3b979686df8
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YZK
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.XOj
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WNW
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ