f04965d9536d3ffb73c89694682fbd0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f04965d9536d3ffb73c89694682fbd0c_JaffaCakes118
Size

67KB
MD5

f04965d9536d3ffb73c89694682fbd0c
SHA1

68b81200cda3345b94d30387d9aba33ce8733792
SHA256

2c74158721cbecc658f06af9a3ed584cb91670355eae88d9f28d2c477f29488e
SHA512

4a23228e338dfc84416219df577fa3d4424d45284bf5e9e96ed70a2760ebba15ee7412864d62b46bef4d3a99b3cad76c8f10f93a744f4d72df694a0a2af99aa5
SSDEEP

1536:CgS2aHn8Rtl+evqR2qOW9nP9eYyK/MFu5:CgSuA/4q7nPWu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f04965d9536d3ffb73c89694682fbd0c_JaffaCakes118

Files

f04965d9536d3ffb73c89694682fbd0c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

646aab5c83907e18c22ee57ad03ea1bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\kovid\sw\build\ImageMagick-6.6.6\VisualMagick\bin\IM_MOD_RL_gray_.pdb

Imports

core_rl_magick_

FormatMagickString
GetFirstImageInList
DestroyImage
InheritException
DestroyQuantumInfo
LoadImagesTag
TellBlob
GetBlobSize
SyncNextImageInList
GetNextImageInList
AcquireNextImage
SetQuantumImageType
LoadImageTag
QueueAuthenticPixels
GetVirtualPixels
SyncAuthenticPixels
ImportQuantumPixels
GetAuthenticPixels
ReadBlob
GetQuantumExtent
GetQuantumPixels
CloseBlob
AcquireQuantumInfo
SetImageVirtualPixelMethod
CloneImage
ThrowMagickException
GetExceptionMessage
DiscardBlobBytes
DestroyImageList
OpenBlob
AcquireImage
LogMagickEvent
UnregisterMagickInfo
SaveImagesTag
GetImageListLength
SaveImageTag
WriteBlob
ExportQuantumPixels
TransformImageColorspace
RegisterMagickInfo
ConstantString
SetMagickInfo

msvcr90

__dllonexit
_unlock
_onexit
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_lock
_errno

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

RegisterGRAYImage
UnregisterGRAYImage

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

646aab5c83907e18c22ee57ad03ea1bc

Headers

File Characteristics

PDB Paths

Imports

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 636B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 636B