03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118 | Triage

Sharing

General

Target

03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118
Size

11KB
MD5

03c0ab7de9d34a512ec128fce27277f9
SHA1

92e53fe59813595aeb6834a0d15bf2ea80f41d6d
SHA256

f79f73045a3c8c096ca6275fb72c5e5f1ca449e27a623ffd54cf675972bcb9c5
SHA512

07d302051edb6dc60fb1abecb5bbf9e261e9fbfd54abf9c074ca100123a00b31031627925a5e6619f656a0ce44ac24da2a6b1b8c720e721f588f6189386642f5
SSDEEP

192:PRuQHUj/++h5nqNMyIy49sF4A7lVlt3G4SDqr8Rcr98UYp:purjxXnqcT9sF7n3GzDHR8TYp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118

Files

03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e23e14c6bff0f341e9edad91d1dfd961

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

libpython3.7m

PyList_New

cygwin1

free

cygreadline7

rl_insert

Exports

Exports

PyInit_readline

Sections

.MPRESS1
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE