207d4c772c1f5237889e0e39aa41a6a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

207d4c772c1f5237889e0e39aa41a6a6_JaffaCakes118
Size

914KB
MD5

207d4c772c1f5237889e0e39aa41a6a6
SHA1

6fede43e04f814acc7fe4b08496e4b15028f8d3c
SHA256

51a5f59ff18258a07c9842500453e3fbf635d69975f78b8537199c9c459ebc56
SHA512

d801469fc4b24a69b28a674bb2d1a6f8e0064d02cd8f8ce59f7294ab97a3a8534890c501f298466a476d503a32cd459e035e9ce65d7ac80022d6290681b18b7a
SSDEEP

24576:hJTMrrKSMWS8DwHwKSi8CWr3gTnspTbIi6muPjKTXibH+j:36r0rSIykjmo6yCj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
207d4c772c1f5237889e0e39aa41a6a6_JaffaCakes118

Files

207d4c772c1f5237889e0e39aa41a6a6_JaffaCakes118
.dll windows:6 windows x86 arch:x86

f13eebd312c2c2596eafd63bb7e78149

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

python27

_Py_ZeroStruct
_Py_TrueStruct
PyFloat_Type
PyString_Type
PyBuffer_Type
PyBool_Type
PyExc_OverflowError
PyExc_TypeError
PyExc_ValueError
_PyThreadState_Current
PyUnicode_Type
_Py_NoneStruct
PyFrame_New
PyThread_get_thread_ident
PyCode_New
PySequence_Fast
PySequence_List
PySequence_SetItem
PySequence_GetSlice
PySequence_GetItem
PySequence_Size
PySequence_Check
PyNumber_Float
PyNumber_Long
PyIter_Next
PyObject_GetIter
PyObject_AsWriteBuffer
PyObject_AsReadBuffer
PyObject_CheckReadBuffer
PyObject_CallFunctionObjArgs
PyObject_CallFunction
PyObject_CallObject
PyImport_AddModule
PySys_GetObject
PyEval_InitThreads
PyEval_RestoreThread
PyEval_SaveThread
PyEval_CallObjectWithKeywords
PyEval_CallFunction
PyErr_Display
PyErr_Print
PyRun_StringFlags
Py_InitModule4
PyModule_AddIntConstant
PyModule_AddObject
Py_VaBuildValue
Py_BuildValue
PyArg_ParseTupleAndKeywords
PyArg_ParseTuple
PyGILState_Release
PyGILState_Ensure
PyThreadState_Get
PyErr_NewException
PyErr_Format
PyErr_NoMemory
PyErr_NormalizeException
PyErr_GivenExceptionMatches
PyErr_Restore
PyErr_Fetch
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyWeakref_GetObject
PyWeakref_NewRef
PyTraceBack_Here
PyModule_GetDict
PyDict_SetItemString
PyDict_GetItemString
PyDict_Contains
PyDict_Size
PyDict_DelItem
PyDict_SetItem
PyDict_GetItem
PyDict_New
PyList_SetSlice
PyList_Append
PyList_SetItem
PyList_New
PyTuple_New
PyBuffer_New
_PyString_Resize
PyString_AsString
PyString_FromFormat
PyString_FromString
PyString_FromStringAndSize
PyFloat_AsDouble
PyFloat_FromDouble
PyLong_AsLongLong
PyLong_FromLongLong
PyLong_AsVoidPtr
PyLong_FromVoidPtr
PyLong_AsLong
PyLong_FromLong
PyBool_FromLong
PyInt_AsLong
PyInt_FromLong
PyUnicodeUCS2_AsUTF8String
PyUnicodeUCS2_DecodeUTF8
PyUnicodeUCS2_FromObject
PyUnicodeUCS2_Resize
PyUnicodeUCS2_FromUnicode
_PyObject_New
PyObject_ClearWeakRefs
PyCallable_Check
PyObject_IsTrue
PyObject_HasAttrString
PyObject_SetAttrString
PyObject_GetAttrString
PyObject_Unicode
PyObject_Str
PyType_Ready
PyType_IsSubtype
PyMem_Free
PyExc_Exception
PyMem_Malloc

msvcr110

__crtTerminateProcess
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
memset
memcpy
_endthreadex
_beginthreadex
_localtime64_s
strncmp
memmove
qsort
sprintf
_msize
realloc
malloc
free
__crtUnhandledException

kernel32

DisableThreadLibraryCalls
DecodePointer
EncodePointer
IsProcessorFeaturePresent
GetCurrentThreadId
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
IsDebuggerPresent

Exports

Exports

initapsw

Sections

.text
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f13eebd312c2c2596eafd63bb7e78149

Headers

DLL Characteristics

File Characteristics

Imports

python27

msvcr110

kernel32

Exports

Exports

Sections

.text Size: 669KB - Virtual size: 668KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 192KB - Virtual size: 195KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 669KB - Virtual size: 668KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 192KB - Virtual size: 195KB

.reloc
Size: 25KB - Virtual size: 25KB