anchordns | JaffaCakes118_a13d36df39e92d75372da0f500c43b3f | Triage

Sharing

General

Target

JaffaCakes118_a13d36df39e92d75372da0f500c43b3f
Size

2.3MB
MD5

a13d36df39e92d75372da0f500c43b3f
SHA1

0cbbd7745ad3a86d92da4721b79b7448c8029e62
SHA256

2f349701803f6cce28e742109c262aaab137984a61fba8c861ff5de2d628e8fb
SHA512

7bf62ea140aef038b52a91feca58bde7bba4df89c37e420f2ba2b088a758c58a0ae3db4aeb52c21b460ce07c80a2ec593c860dff5691a46696d472d0a39479ff
SSDEEP

49152:LakOElMaFLkxxz1rOO53RTqtiGlj135DMnCIjtAytA:Lak7ArOO53P55DA

Score

10^/10

backdoor anchordns

Malware Config

Signatures

Anchordns family
anchordns

Detected AnchorDNS Backdoor 1 IoCs

Sample triggered yara rules associated with the AnchorDNS malware family.

resource	yara_rule
sample	family_anchor_dns

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a13d36df39e92d75372da0f500c43b3f

Files

JaffaCakes118_a13d36df39e92d75372da0f500c43b3f
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\orgchart.pdb

Sections

.text
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 400B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ