870ae6324726d01125ec9d1c6abb67fc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

870ae6324726d01125ec9d1c6abb67fc_JaffaCakes118
Size

1.2MB
MD5

870ae6324726d01125ec9d1c6abb67fc
SHA1

41015f7c29fadbe307b3d9ccc0413af86ec6e66a
SHA256

ff147b7862bc3365d8e98b5a91ce0f25e58c83e71f7139691aad7e11165453fb
SHA512

508e085e33db6d77485ddb26aa424900802972f12e46fc60f77ebb762b7295096c5a8b8af2bf3a713e53bec1a7cec782f63fce35ae7b48566f7ec76f250c3a51
SSDEEP

24576:btb20pkaCqT5TBWgNjVYQirQsRdHYY9oQWny:YVg5tjVYQiUsbHTobn

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
870ae6324726d01125ec9d1c6abb67fc_JaffaCakes118

Files

870ae6324726d01125ec9d1c6abb67fc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ