b8233de78a101e85f83427835d6a125b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8233de78a101e85f83427835d6a125b_JaffaCakes118
Size

48KB
MD5

b8233de78a101e85f83427835d6a125b
SHA1

fd295ea3527622c44294f6ea5becd166453583ff
SHA256

53618f43ffb999710c69e8d14567221a1306491db01818c8fac6509f746b2bb1
SHA512

09ba2d77a917d25375bc194bec0ef5bf5af952de38f6b9a53d06989cf9413ad7696385e75f9a6e2f828ff64d4d0ba956b2551ab9211e4b5f89620c0dbb8ce6c7
SSDEEP

768:0lsJ+gqu/9keNAMH4kJ+AglSXFdf0OM9xqpLO2f+LIhZQFAL+1T/icHkAF3vrBwh:jJq4XzFDqaitbIC3Kg800ojqtD0WN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8233de78a101e85f83427835d6a125b_JaffaCakes118

Files

b8233de78a101e85f83427835d6a125b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

665794fe8540024711c1aa805e33300b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

python27

PyMethod_New
PyType_Ready
PyCFunction_Type
PyTraceBack_Here
PyFrame_New
_PyThreadState_Current
PyCode_New
PyString_FromFormat
PyString_FromString
PyString_FromStringAndSize
PyString_InternFromString
PyUnicodeUCS2_DecodeUTF8
PyObject_IsTrue
_Py_ZeroStruct
_Py_TrueStruct
PyObject_SetAttr
PyDict_GetItem
PyDict_Size
PyNumber_Multiply
PyObject_GC_UnTrack
PyInt_Type
PyObject_Call
PyObject_RichCompare
PyObject_Size
PyErr_Occurred
PyIter_Next
PyObject_GetIter
PyNumber_Subtract
PyFloat_FromDouble
PyNumber_Or
PyEval_CallObjectWithKeywords
PyInt_FromLong
PyCFunction_NewEx
PyObject_SetItem
PyObject_SetAttrString
PyImport_AddModule
PyErr_SetString
PyExc_ImportError
Py_InitModule4
PyObject_GC_Del
_PyObject_GC_New
PyObject_GC_Track
PyDict_SetItemString
PyDict_GetItemString
PyErr_Clear
PyClass_Type
PyList_New
PyModule_GetDict
PyDict_New
PyDict_Next
PyString_Type
_PyString_Eq
PyDict_SetItem
PyString_AsString
PyExc_TypeError
PyObject_GetAttr
PyErr_Format
PyExc_NameError
PyErr_SetObject
PyTuple_New
PyList_Append
_Py_NoneStruct
PyObject_GetAttrString
PyObject_CallFunctionObjArgs
PySequence_DelItem
PyObject_DelItem
PyList_Type
PyTuple_Type
PySequence_GetItem
PyInt_FromSsize_t
PyNumber_Negative
PyObject_GetItem

msvcr90

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

Exports

Exports

initmirror

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

665794fe8540024711c1aa805e33300b

Headers

File Characteristics

Imports

python27

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 476B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 476B

.reloc
Size: 5KB - Virtual size: 5KB