b09c33d0babaffbca6b0436b318ce470_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b09c33d0babaffbca6b0436b318ce470_JaffaCakes118
Size

157KB
MD5

b09c33d0babaffbca6b0436b318ce470
SHA1

587c86050c541df4408c4de0011749803cb1a5bd
SHA256

90394bcf8c8da947e4268073be161b787269528db622ca0644ede08fe7790df8
SHA512

d3625b28fd891add2832503ac1871bb94f3b94103adf130219a9e10b80eff2ba5e3452f669cdc3ffcecf750838232c647f292ab63f111211619436c81efa667e
SSDEEP

3072:q1Au/68Gj1iqTlnsHT83xQAIkvl4PXQUf30kCzfCm3N9XXo9a8+V3aEU:qmuS821znsHQ1yXQ2kk1mfT8S3W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b09c33d0babaffbca6b0436b318ce470_JaffaCakes118

Files

b09c33d0babaffbca6b0436b318ce470_JaffaCakes118
.dll windows:5 windows x86 arch:x86

616889254057dbaca5f114901b642994

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\kovid\sw\build\ImageMagick-6.6.6\VisualMagick\bin\IM_MOD_RL_png_.pdb

Imports

core_rl_zlib_

zlibVersion
crc32

core_rl_png_

png_get_header_ver
png_get_libpng_ver
png_create_write_struct_2
png_destroy_write_struct
png_error
png_set_write_fn
png_set_compression_buffer_size
png_set_compression_mem_level
png_set_compression_level
png_set_compression_strategy
png_set_filter
png_set_iCCP
png_set_IHDR
png_set_oFFs
png_write_info_before_PLTE
png_write_info
png_write_row
png_write_end
png_malloc
png_set_text
png_free
png_create_read_struct_2
png_create_info_struct
png_destroy_read_struct
png_set_sig_bytes
png_permit_mng_features
png_set_read_fn
png_set_keep_unknown_chunks
png_set_read_user_chunk_fn
png_read_info
png_get_IHDR
png_get_tRNS
png_get_bKGD
png_set_packing
png_get_valid
png_get_iCCP
png_get_sRGB
png_get_gAMA
png_set_gAMA
png_set_cHRM
png_get_cHRM
png_set_sRGB
png_get_x_offset_pixels
png_get_y_offset_pixels
png_set_pHYs
png_get_pHYs
png_get_PLTE
png_set_PLTE
png_set_tRNS
png_set_bKGD
png_free_data
png_set_invalid
png_set_sBIT
png_set_interlace_handling
png_read_update_info
png_get_rowbytes
png_read_row
png_read_end
png_get_text
png_get_user_chunk_ptr
png_get_error_ptr
png_get_io_ptr
png_warning

core_rl_magick_

UnlockSemaphoreInfo
SetMagickInfo
ConstantString
RegisterMagickInfo
AllocateSemaphoreInfo
SetGeometry
ParseMetaGeometry
GetImageListLength
SaveImagesTag
CatchImageException
SeparateImageChannel
NegateImage
ImageToBlob
GetImageOption
GetImageArtifact
CloneImage
CloneImageInfo
TransformImageColorspace
GetNumberColors
SetImageOpacity
ExportQuantumPixels
ResetImagePropertyIterator
GetNextImageProperty
GetImageProperty
ResetImageProfileIterator
GetNextImageProfile
GetImageProfile
CloneStringInfo
GetStringInfoLength
LocaleNCompare
CopyMagickString
UnregisterMagickInfo
DestroySemaphoreInfo
SeekBlob
DeleteImageFromList
CropImage
GetImageException
GetPreviousImageInList
CoalesceImages
IsImageObject
GetAuthenticPixelQueue
AcquireNextImage
GetNextImageInList
SyncNextImageInList
GetBlobSize
TellBlob
LoadImagesTag
ReadBlobMSBLong
ReadBlobByte
GetImageInfo
AcquireUniqueFilename
ReadImage
RelinquishUniqueFileResource
DestroyImage
DestroyImageInfo
AcquireImage
OpenBlob
ResetMagickMemory
SetImageType
LockSemaphoreInfo
CloseBlob
DestroyImageList
InheritException
GetFirstImageInList
GetImageQuantumDepth
SetStringInfoDatum
AcquireImageColormap
FormatMagickString
LogMagickEvent
GetVirtualPixels
WriteBlob
CopyMagickMemory
ReadBlob
RelinquishMagickMemory
ThrowMagickException
LocaleCompare
AcquireMagickMemory
DestroyStringInfo
SetImageProfile
GetStringInfoDatum
AcquireStringInfo
DestroyString
SetImageProperty
ConcatenateMagickString
SetImageBackgroundColor
SyncImage
GetAuthenticIndexQueue
GetAuthenticPixels
SyncAuthenticPixels
LoadImageTag
ImportQuantumPixels
QueueAuthenticPixels
AcquireQuantumInfo
DestroyQuantumInfo
AcquireQuantumMemory

msvcr90

_crt_debugger_hook
__clean_type_info_names_internal
__CppXcptFilter
__dllonexit
_lock
_onexit
_except_handler4_common
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
memset
_setjmp3
printf
longjmp
_unlock
strtol

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

RegisterPNGImage
UnregisterPNGImage

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

616889254057dbaca5f114901b642994

Headers

File Characteristics

PDB Paths

Imports

core_rl_zlib_

core_rl_png_

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 56KB - Virtual size: 57KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 56KB - Virtual size: 57KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 6KB - Virtual size: 5KB