da39e3f220abc39468b2f1aefb23010d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da39e3f220abc39468b2f1aefb23010d_JaffaCakes118
Size

884KB
MD5

da39e3f220abc39468b2f1aefb23010d
SHA1

01080fbae633abb9e36b6d0bc8a42ca412f7fcb8
SHA256

4ca211f4d8f2f1ba9242208638eed28ed9ccbdd7a62452c74d5d2babcec5053c
SHA512

cd00321a0c505a18dbae88ac8d2cd88e6e9bb44a359f49831a352818b34a0b4652517eaa8fe0bc941103bf3599b5aa2346ca2c14479437df332336657fc02f49
SSDEEP

12288:qpqiC/2OGAtkCP4cejGSOpRK3CGeBqg/n:qpo/2+ttPJLfpRK3CGcqg/n

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da39e3f220abc39468b2f1aefb23010d_JaffaCakes118

Files

da39e3f220abc39468b2f1aefb23010d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE