b8835e400aa867669c04bb87768c9373_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8835e400aa867669c04bb87768c9373_JaffaCakes118
Size

110KB
MD5

b8835e400aa867669c04bb87768c9373
SHA1

67fed77ca24058e1c621df5ab8b0f98b0679b936
SHA256

9a308bb702c23d9a8160fbfa4806f8276a7c968b918e6690238bc436a60b2ffd
SHA512

56d39557ebe9fd4f83adcd03a2b0494be1128f7786e17dc2e827ebff0e2be4f52571664bb1e5bddcbe916585d6278e405d87f93d6adc65b0d14322b270129479
SSDEEP

1536:I6iGQbkcDT1c3LH2xoJf41JVdHwaOkc0rVYrmDXOIV/MAb39yi9D4Tj8u1:Iglcib2V1xHwaOkbY6DQKLUj8u1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8835e400aa867669c04bb87768c9373_JaffaCakes118

Files

b8835e400aa867669c04bb87768c9373_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f68f1e3f9a615a960e3cec14c217f26f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\kovid\sw\build\ImageMagick-6.6.6\VisualMagick\bin\IM_MOD_RL_tim_.pdb

Imports

core_rl_magick_

FormatMagickString
GetFirstImageInList
GetExceptionMessage
CloseBlob
ThrowMagickException
LoadImagesTag
TellBlob
GetBlobSize
SyncNextImageInList
GetNextImageInList
AcquireNextImage
EOFBlob
SyncImage
LoadImageTag
SyncAuthenticPixels
GetAuthenticIndexQueue
QueueAuthenticPixels
RelinquishMagickMemory
ReadBlob
AcquireQuantumMemory
AcquireImageColormap
ReadBlobLSBShort
ReadBlobLSBLong
DestroyImageList
OpenBlob
AcquireImage
LogMagickEvent
RegisterMagickInfo
ConstantString
SetMagickInfo
UnregisterMagickInfo

msvcr90

__dllonexit
_lock
_onexit
_except_handler4_common
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_errno
_encode_pointer

kernel32

LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

RegisterTIMImage
UnregisterTIMImage

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f68f1e3f9a615a960e3cec14c217f26f

Headers

File Characteristics

PDB Paths

Imports

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 872B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 1024B - Virtual size: 630B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 872B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 1024B - Virtual size: 630B