3d18d1df98ecd87daadec8130d30160b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d18d1df98ecd87daadec8130d30160b_JaffaCakes118
Size

72KB
MD5

3d18d1df98ecd87daadec8130d30160b
SHA1

ccf01ecd1ac2cf0626dbc2ef93502291574d33a1
SHA256

af90bbe6d845e07defcfce39b5bb17c0eaa20c629af9a716481fd388c6acae53
SHA512

55b68113e3425a81eef6e792077a8e0bd80606021c7c8949c4461fd9815adda7d2cb2f5e169814921b35e0d82f6eeecf6809cd83693b08ae64ee3bd2a859b964
SSDEEP

1536:5aU1ep4kp5DGGh6f41ey8LeRr6cExExB4lQri+Cv4cnFYXGqtT:5aU1emYPRH4caMB4+u4cnFYXGqt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d18d1df98ecd87daadec8130d30160b_JaffaCakes118

Files

3d18d1df98ecd87daadec8130d30160b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

dbe5539661ec7a4f76a162bd0fc0d52c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\kovid\sw\build\ImageMagick-6.5.6\VisualMagick\bin\IM_MOD_RL_vicar_.pdb

Imports

core_rl_magick_

FormatMagickString
LocaleNCompare
GetFirstImageInList
CloseBlob
ThrowMagickException
EOFBlob
DestroyQuantumInfo
SetQuantumImageType
LoadImageTag
SyncAuthenticPixels
ImportQuantumPixels
ReadBlob
QueueAuthenticPixels
GetQuantumExtent
GetQuantumPixels
AcquireQuantumInfo
AcquireImageColormap
LocaleCompare
DestroyImage
ReadBlobByte
DestroyImageList
OpenBlob
AcquireImage
LogMagickEvent
UnregisterMagickInfo
SaveImageTag
ExportQuantumPixels
GetVirtualPixels
WriteBlob
ResetMagickMemory
TransformImageColorspace
RegisterMagickInfo
ConstantString
SetMagickInfo

msvcr90

__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
isgraph
isalnum
isspace
_errno
strerror
atol

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

RegisterVICARImage
UnregisterVICARImage

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbe5539661ec7a4f76a162bd0fc0d52c

Headers

File Characteristics

PDB Paths

Imports

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 60KB - Virtual size: 60KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 650B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 650B