sodinokibi | a3c0870cf6e4ca6e43d78a64e6b87c5c_JaffaCakes118 | Triage

Sharing

General

Target

a3c0870cf6e4ca6e43d78a64e6b87c5c_JaffaCakes118
Size

142KB
MD5

a3c0870cf6e4ca6e43d78a64e6b87c5c
SHA1

5704e05575d026a1c87d1496a9c63d5979ad9e39
SHA256

291dd0928569306e54b7ff9fc217bf704d646960fe1ec25a7cc431e4af6874e4
SHA512

d31745d4deb5a89aa5ef8c6d46a73738dbead525072c20cc55e5e25d7f1a22de031f26925942209c4b6f3f48414df57fcc169c1b61fde2119bb2c8fca7d7eb18
SSDEEP

3072:DJMawtnGqtWoKeZC62aoNUSFcsCDFgfBS:3w9vteQJYUGcPO

Score

10^/10

Malware Config

Signatures

Sodinokibi family
sodinokibi
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

a3c0870cf6e4ca6e43d78a64e6b87c5c_JaffaCakes118

Files

a3c0870cf6e4ca6e43d78a64e6b87c5c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7ecacfc6f1d64067e0047425ad885408

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
SetErrorMode

Sections

.text
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iyaw
Size: 25KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ