3cf434334c4d18a257f5c1784eee52e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cf434334c4d18a257f5c1784eee52e4_JaffaCakes118
Size

111KB
MD5

3cf434334c4d18a257f5c1784eee52e4
SHA1

2ba2fb7e3cf8819ed4d17a37db458e1964892741
SHA256

92565d56806356e677aaa191c1bb641d7e1853655deaa05076c150759a91b01d
SHA512

20145365d7afc84d41926518e380891358a972c8f4b54960a785379c4eda5bb5330b1812a1f84a5fa0d112f9da52982f128131f2391eb589f4c0e84eabbe7810
SSDEEP

3072:0YsgmEsNCxnqQWfes3ZL6SOfbbLz7GbpCm:0Y9m10qQWp3ZL67bbLfGbpR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cf434334c4d18a257f5c1784eee52e4_JaffaCakes118

Files

3cf434334c4d18a257f5c1784eee52e4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5f7eb7546867b609475cc95884cf99b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\kovid\sw\build\ImageMagick-6.6.6\VisualMagick\bin\IM_MOD_RL_rle_.pdb

Imports

core_rl_magick_

FormatMagickString
GetExceptionMessage
ThrowMagickException
GetFirstImageInList
CloseBlob
LoadImagesTag
TellBlob
GetBlobSize
SyncNextImageInList
GetNextImageInList
AcquireNextImage
EOFBlob
RelinquishMagickMemory
SyncImage
GetAuthenticIndexQueue
AcquireImageColormap
LoadImageTag
SyncAuthenticPixels
QueueAuthenticPixels
DestroyString
SetImageProperty
AcquireQuantumMemory
ReadBlobByte
ReadBlobLSBShort
ReadBlob
DestroyImageList
OpenBlob
AcquireImage
LogMagickEvent
RegisterMagickInfo
ConstantString
SetMagickInfo
UnregisterMagickInfo

msvcr90

__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
memset
_errno
memcpy

kernel32

LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

RegisterRLEImage
UnregisterRLEImage

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f7eb7546867b609475cc95884cf99b3

Headers

File Characteristics

PDB Paths

Imports

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 872B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 1024B - Virtual size: 652B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 872B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 1024B - Virtual size: 652B