d4897be441ec2a7253dd93a732479963_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d4897be441ec2a7253dd93a732479963_JaffaCakes118
Size

72KB
MD5

d4897be441ec2a7253dd93a732479963
SHA1

742d88685b640a6d265dc579405d2ca12c58c1f0
SHA256

6c2b83614db69c1faf43eb1109ae49e10d602b5075bbdd6db14ebe98e4ac3313
SHA512

1cdf3e73a2f7d47b3fb81c6e57a88dee10164db421446237b7cca5ca32e33af8730b83f3663f9f20951c3940ab4547310b455439eeab0c90463a1947f19cde22
SSDEEP

1536:jTAb5HrzT4EcujKRJF/T0Tpm0c6phUcQbyiXgN1FNK87:Ib5HrXtKRJF/TkU1JpgDr7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4897be441ec2a7253dd93a732479963_JaffaCakes118

Files

d4897be441ec2a7253dd93a732479963_JaffaCakes118
.dll windows:5 windows x86 arch:x86

98cceeb6ad3558d743841dc9ef4ecb33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\kovid\sw\build\ImageMagick-6.6.6\VisualMagick\bin\IM_MOD_RL_cin_.pdb

Imports

core_rl_magick_

FormatMagickString
GetFirstImageInList
GetExceptionMessage
EOFBlob
DestroyQuantumInfo
SetQuantumImageType
LoadImageTag
SyncAuthenticPixels
ImportQuantumPixels
QueueAuthenticPixels
GetQuantumExtent
GetQuantumPixels
ThrowMagickException
AcquireQuantumInfo
CloseBlob
DestroyStringInfo
SetImageProfile
GetStringInfoLength
GetStringInfoDatum
AcquireStringInfo
ReadBlobFloat
FormatImageProperty
ReadBlobByte
SetImageProperty
ReadBlobLong
LocaleNCompare
ReadBlob
DestroyImageList
OpenBlob
AcquireImage
LogMagickEvent
UnregisterMagickInfo
GetImageProperty
GetImageOption
SaveImageTag
ExportQuantumPixels
GetVirtualPixels
WriteBlobFloat
WriteBlobByte
WriteBlob
CopyMagickString
GetImageProfile
WriteBlobLong
ResetMagickMemory
TransformImageColorspace
RegisterMagickInfo
ConstantString
SetMagickInfo

msvcr90

_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
strftime
_errno
strtoul
strtol
strtod
_time64
__clean_type_info_names_internal
_localtime64

kernel32

LoadLibraryA
GetProcAddress
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

RegisterCINImage
UnregisterCINImage

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98cceeb6ad3558d743841dc9ef4ecb33

Headers

File Characteristics

PDB Paths

Imports

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 872B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 872B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 1KB - Virtual size: 1KB