PyInit_readline
Static task
static1
Behavioral task
behavioral1
Sample
03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll
Resource
win10v2004-20240419-en
General
Target: 03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118
Size: 11KB
MD5: 03c0ab7de9d34a512ec128fce27277f9
SHA1: 92e53fe59813595aeb6834a0d15bf2ea80f41d6d
SHA256: f79f73045a3c8c096ca6275fb72c5e5f1ca449e27a623ffd54cf675972bcb9c5
SHA512: 07d302051edb6dc60fb1abecb5bbf9e261e9fbfd54abf9c074ca100123a00b31031627925a5e6619f656a0ce44ac24da2a6b1b8c720e721f588f6189386642f5
SSDEEP: 192:PRuQHUj/++h5nqNMyIy49sF4A7lVlt3G4SDqr8Rcr98UYp:purjxXnqcT9sF7n3GzDHR8TYp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118
Files
03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll windows:4 windows x86 arch:x86
e23e14c6bff0f341e9edad91d1dfd961
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleA
GetProcAddress
libpython3.7m
PyList_New
cygwin1
free
cygreadline7
rl_insert
Exports
Sections
.MPRESS1 Size: 9KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE