9639bc5813600fdbccd4502931c86d73_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9639bc5813600fdbccd4502931c86d73_JaffaCakes118
Size

1.2MB
MD5

9639bc5813600fdbccd4502931c86d73
SHA1

9f843b5c6af913a3d14cf3f4371b98e58fc71df6
SHA256

64a09ec3a1f5bf98341675bb15c8159d673e147297d843a40fc16a67776c4713
SHA512

11e5fae6e882dc1c0379dddf027d22f2c5ba4c196b747b85e649fb713731a676968ab761a6b2d31d485a0dba7dbb85d247706ee954dff4edb3b0565ad057d38a
SSDEEP

24576:3JeJfAqkjp98zHpieXXqDsj1dE1BcJ9nPx/igr:ZeJfAJGpLnqDe1W1snP8

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9639bc5813600fdbccd4502931c86d73_JaffaCakes118

Files

9639bc5813600fdbccd4502931c86d73_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zwt
Size: 1B - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE