616f49aa80c94c62aa3675b57e14d5ee_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

616f49aa80c94c62aa3675b57e14d5ee_JaffaCakes118
Size

7KB
MD5

616f49aa80c94c62aa3675b57e14d5ee
SHA1

b9442cbae3ba13058ccb2bd64396f4f4a3fcfc42
SHA256

5cf378e18d7bf35be4644345569cd8d6ee2d5f3d9d6d7b02c997fa0cae8ef307
SHA512

257fb4a4800af160124bcc09d6504b8718bc3dfadb2cf01969eac6ab8fb5db74f343e0272a5e487734cd2c96190dcea8320e84200d80cbcad391d20abc23c606
SSDEEP

192:gP570sU1yxRqDKaGvXOzWbwxiKoK30ePizbnWYp:gPW/yxfGAjdFjqYp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
616f49aa80c94c62aa3675b57e14d5ee_JaffaCakes118

Files

616f49aa80c94c62aa3675b57e14d5ee_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ec077632ef872f7f5de409cace4404d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

libpython3.7m

_Py_strhex

cygwin1

free

Exports

Exports

PyInit__md5

Sections

.MPRESS1
Size: 5KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE