31837d659852b99af32b39ab9064caf8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31837d659852b99af32b39ab9064caf8_JaffaCakes118
Size

118KB
MD5

31837d659852b99af32b39ab9064caf8
SHA1

d2761c183c2ebae3fbc7e54893aaecfff574032d
SHA256

857b932159c779c013a2aaa8a43a194be97600dd373fcbdd4a9fbbec46b9e0d3
SHA512

86241515c831e62e5ce852020af8a039ef7f2863417afe442b1936125b0d110fcac47164a7839e6e1c55b982cc92cc3ff6ba894d3fb05b5792d8dd2dd073da6f
SSDEEP

1536:iK5cH7IHbjzjvVtkIkKxZL0KmrmgN5eae/+x9w9ruI/kvV8bt:z5cH7I/vxkKxBVO5eaC+x6/I6x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31837d659852b99af32b39ab9064caf8_JaffaCakes118

Files

31837d659852b99af32b39ab9064caf8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b8aa1b489d97a85c64d57a158f93a17b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\kovid\sw\build\ImageMagick-6.6.6\VisualMagick\bin\IM_MOD_RL_icon_.pdb

Imports

core_rl_magick_

FormatMagickString
GetFirstImageInList
GetExceptionMessage
CloseBlob
ThrowMagickException
LoadImagesTag
TellBlob
GetBlobSize
SyncNextImageInList
GetNextImageInList
AcquireNextImage
EOFBlob
GetAuthenticPixels
SyncImage
LoadImageTag
SyncAuthenticPixels
GetAuthenticIndexQueue
QueueAuthenticPixels
AcquireImageColormap
ReplaceImageInList
ReferenceBlob
DestroyBlob
RelinquishMagickMemory
DestroyImageInfo
BlobToImage
CopyMagickString
CloneImageInfo
ReadBlob
CopyMagickMemory
AcquireQuantumMemory
SeekBlob
ReadBlobLSBLong
ReadBlobByte
ReadBlobLSBShort
DestroyImageList
OpenBlob
AcquireImage
LogMagickEvent
UnregisterMagickInfo
SaveImageTag
GetVirtualIndexQueue
GetVirtualPixels
TransformImageColorspace
SaveImagesTag
GetImageListLength
WriteBlob
DestroyImage
ImageToBlob
CloneImage
SetImageStorageClass
WriteBlobLSBLong
WriteBlobByte
ResetMagickMemory
WriteBlobLSBShort
RegisterMagickInfo
ConstantString
SetMagickInfo

msvcr90

_unlock
__dllonexit
__clean_type_info_names_internal
_onexit
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
memset
_lock
_errno

kernel32

LoadLibraryA
GetProcAddress
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

RegisterICONImage
UnregisterICONImage

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8aa1b489d97a85c64d57a158f93a17b

Headers

File Characteristics

PDB Paths

Imports

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 872B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 872B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 1KB - Virtual size: 1KB