41576bbd3fe3d82e5af59d12ebdf3859_JaffaCakes118 | Triage

Sharing

General

Target

41576bbd3fe3d82e5af59d12ebdf3859_JaffaCakes118
Size

5.6MB
MD5

41576bbd3fe3d82e5af59d12ebdf3859
SHA1

3c97a0f3b1a0eda6d76896f4155bc2d1b15dd44a
SHA256

e8fbe28c56e72025b69cdca0bc6b0c1d30f684659a4461663d400de2b378e5e3
SHA512

e9c204ed9296621d4bfb4c0081af2db2d41181e5db3ec86d0ea6dcee844754f1c9d7e8e8ba30dce9eb5c7e98da5a17ba3dcf2c1827786283cba2c66c1a99a822
SSDEEP

98304:CEAedPJGiUMUEAedPJGihZjiEO5IhOxMMgMM7f:JndsnondssL

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41576bbd3fe3d82e5af59d12ebdf3859_JaffaCakes118

Files

41576bbd3fe3d82e5af59d12ebdf3859_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7da8e63a2dd9bc86f69e3483be65cc73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
FindClose
LoadLibraryA
GetModuleHandleA
GetCommandLineA
GetStringTypeA
LCMapStringW
LCMapStringA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
MultiByteToWideChar
GetStringTypeW

user32

GetGUIThreadInfo
OpenIcon

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ