a638d5b1f7b33b8875672185ad378885_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a638d5b1f7b33b8875672185ad378885_JaffaCakes118
Size

840KB
MD5

a638d5b1f7b33b8875672185ad378885
SHA1

14a4830fdc4d2d0588618601a325acab8b5eedba
SHA256

9e89d76e6d9859ddf1124bec7440471a5525a0ad3d21c93e60c1c3e94834606e
SHA512

d7b9084a397c9042bf1b07eaee863a63293c714476e2ae7045851613505b6d0f8aca039eadbc91cde494f6f6db901846a29a13a64993d443f00a74f8361a4981
SSDEEP

6144:Rpqoa8aLXC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnCo:RpqXC/2OGAtkCP4cejGSOpRK3Cn+i9n

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a638d5b1f7b33b8875672185ad378885_JaffaCakes118

Files

a638d5b1f7b33b8875672185ad378885_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._rdata
Size: 159KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdcdaie
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yqhbjji
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE