4d1ad7172efa8126154722afb46c8ee4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d1ad7172efa8126154722afb46c8ee4_JaffaCakes118
Size

1012KB
MD5

4d1ad7172efa8126154722afb46c8ee4
SHA1

ff2e6aa52713471abc83dc9e9af6d1fd8d6eb387
SHA256

40d4e2a5e7ccd84e3cce859f7674b4280f65633f2099dbb864e2214b705ff83f
SHA512

6828d001ad58ebdee334d6a36dbffd9aeeb1d2c4c4b41831becc6c6e8a982e94bf5994711d44e00f731710e4be86d93dfc944c36c3a92a9d4d79ae5bb0865a89
SSDEEP

24576:FxBvUcm0BnwBeECJ3woxL6gI/zEvCSKu/4mrNr4RRvg:vBccmKnRb63SKugmZmR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d1ad7172efa8126154722afb46c8ee4_JaffaCakes118

Files

4d1ad7172efa8126154722afb46c8ee4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c31191baae071c35adac2b8a7dda575a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iconv

libiconv
libiconv_open
libiconv_close

libfontconfig-1

FcInit
FcNameParse
FcConfigSubstitute
FcFontSetDestroy
FcPatternGetString
FcPatternDestroy
FcFontSetAdd
FcFontMatch
FcFontSetCreate
FcDefaultSubstitute

libfreetype-6

ord67
ord112
ord79
ord125
ord81
ord71
ord167
ord166
ord50
ord138
ord173
ord66
ord115
ord57
ord65
ord133
ord77

jpeg62

ord78
ord100
ord98
ord87
ord88
ord76
ord80
ord31
ord79
ord43
ord50
ord44
ord42
ord90
ord30
ord82
ord85
ord86
ord49

libpng12

png_get_PLTE
png_set_packing
png_set_strip_16
png_get_IHDR
png_read_info
png_set_read_fn
png_set_sig_bytes
png_destroy_read_struct
png_create_info_struct
png_create_read_struct
png_check_sig
png_get_valid
png_error
png_get_io_ptr
png_write_end
png_write_image
png_write_info
png_set_PLTE
png_set_tRNS
png_set_IHDR
png_set_compression_level
png_set_write_fn
png_destroy_write_struct
png_get_tRNS
png_read_update_info
png_get_rowbytes
png_read_image
png_get_error_ptr
png_read_end
png_create_write_struct

libexpat

XML_SetElementHandler
XML_ParserCreate
XML_ParserFree
XML_GetCurrentLineNumber
XML_ErrorString
XML_Parse
XML_GetErrorCode
XML_SetCharacterDataHandler

zlib1

uncompress
gzclose
gzdopen
gzwrite
compress

libcairo-2

cairo_font_options_create
cairo_font_options_set_antialias
cairo_font_options_set_hint_metrics
cairo_font_options_set_subpixel_order
cairo_image_surface_get_format
cairo_image_surface_get_width
cairo_image_surface_get_height
cairo_image_surface_get_stride
cairo_image_surface_create_from_png_stream
cairo_surface_reference
cairo_set_source_surface
cairo_paint
cairo_curve_to
cairo_line_to
cairo_set_line_width
cairo_get_matrix
cairo_arc
cairo_close_path
cairo_set_matrix
cairo_fill_preserve
cairo_stroke
cairo_set_source_rgba
cairo_set_dash
cairo_move_to
cairo_get_target
cairo_surface_write_to_png_stream
cairo_show_page
cairo_image_surface_get_data
cairo_restore
cairo_save
cairo_destroy
cairo_ps_surface_create_for_stream
cairo_pdf_surface_create_for_stream
cairo_svg_surface_create_for_stream
cairo_image_surface_create
cairo_create
cairo_surface_destroy
cairo_scale
cairo_rotate
cairo_translate
cairo_rectangle
cairo_clip
cairo_font_options_set_hint_style

libpango-1.0-0

pango_font_description_free
pango_font_description_from_string
pango_layout_new
pango_layout_set_text
pango_layout_set_font_description
pango_layout_get_extents
pango_layout_get_iter
pango_layout_iter_get_baseline
pango_layout_iter_free
pango_font_description_set_size

libpangocairo-1.0-0

pango_cairo_font_map_get_type
pango_cairo_font_map_create_context
pango_cairo_context_set_font_options
pango_cairo_show_layout
pango_cairo_font_map_get_default

libgobject-2.0-0

g_object_unref
g_type_check_instance_cast

msvcr80

_hypot
_read
_fileno
_strdup
_putenv
_dup
_setmode
_wassert
free
memset
_access
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_errno
putchar
longjmp
_setjmp3
getc
ferror
putc
memcpy
vfprintf
tmpfile
ftell
iscntrl
ispunct
islower
calloc
toupper
log10
pow
_localtime64
strftime
atol
fgetc
memcmp
isupper
fflush
strncat
perror
fwrite
isalnum
clock
strncpy
bsearch
fgets
fputc
strtol
strtod
strrchr
tolower
getenv
fputs
abs
strtok
strcat
fread
feof
strstr
acos
fclose
strcpy
fopen
tan
_vsnprintf
_fstat64i32
fseek
malloc
asin
printf
realloc
_HUGE
floor
rand
strchr
sqrt
atoi
cos
sin
srand
_time64
isalpha
isdigit
isspace
atan2
sscanf
strncmp
abort
__iob_func
fprintf
ceil
exit
atof
strcmp
fabs
strlen
qsort
sprintf

kernel32

IsDebuggerPresent
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InterlockedExchange
SetUnhandledExceptionFilter

Sections

.text
Size: 688KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 284KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c31191baae071c35adac2b8a7dda575a

Headers

File Characteristics

Imports

iconv

libfontconfig-1

libfreetype-6

jpeg62

libpng12

libexpat

zlib1

libcairo-2

libpango-1.0-0

libpangocairo-1.0-0

libgobject-2.0-0

msvcr80

kernel32

Sections

.text Size: 688KB - Virtual size: 684KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 284KB - Virtual size: 309KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 688KB - Virtual size: 684KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 284KB - Virtual size: 309KB

.rsrc
Size: 24KB - Virtual size: 24KB