34b8db36bcaf26589b75f68aa2a236a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34b8db36bcaf26589b75f68aa2a236a1_JaffaCakes118
Size

320KB
MD5

34b8db36bcaf26589b75f68aa2a236a1
SHA1

c908ea712c8ae4cb92e01ce8b78ab55900c580e6
SHA256

8ed0452dc80a5b32c472ae267b3a06d8660e7ef358947a5f561f00025e1db7fa
SHA512

d7f54b3b51fc99f181624d6df111e76ab60570f9eeee5a2af3fff140f4cb5ca9119d27c265fabf2c30d3f9feba505003eb519aa0ef39244b8390957e3fa1bed9
SSDEEP

6144:AOPeVikcGOIegkiTXHXEjrz3QQptHCugn3VU1c6vrd0d7:7ciklOIegkoX383/pti/nFUG6vrdq7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34b8db36bcaf26589b75f68aa2a236a1_JaffaCakes118

Files

34b8db36bcaf26589b75f68aa2a236a1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ef0e4fb59dda13ec373d9aedc3c7b74c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wiaservc

wiasWriteMultiple
wiasSetItemPropNames
wiasValidateItemProperties
wiasWritePropStr
wiasReadPropGuid
wiasWritePropGuid
wiasSetPropChanged
wiasGetChangedValueLong
wiasGetImageInformation
wiasCreateDrvItem
wiasWritePropLong
wiasReadMultiple
wiasGetItemType
wiasCreatePropContext
wiasFreePropContext
wiasUpdateScanRect
wiasUpdateValidFormat
wiasReadPropStr
wiasSetItemPropAttribs
wiasGetRootItem
wiasWritePageBufToFile
wiasReadPropLong
wiasGetDrvItem

kernel32

GetLocaleInfoW
SetEndOfFile
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
VirtualFree
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateEventA
CloseHandle
DeleteFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetSystemTime
lstrcpyW
GetUserDefaultLangID
GetSystemDefaultLangID
GetTickCount
CreateSemaphoreA
GetCurrentProcessId
WaitForSingleObject
ReleaseSemaphore
GetTempPathA
OutputDebugStringA
InterlockedExchange
GetCurrentThreadId
SetEvent
IsBadWritePtr
GetVersionExA
ResetEvent
GetOverlappedResult
WaitForMultipleObjects
GetLastError
DeviceIoControl
Sleep
HeapAlloc
GetSystemTimeAsFileTime
SetFilePointer
RaiseException
GetTimeZoneInformation
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers
HeapReAlloc
HeapSize
GetModuleHandleA
ExitProcess
TlsAlloc
RtlUnwind
GetOEMCP
WriteFile
ExitThread
TlsSetValue
TlsGetValue
CreateThread
GetCommandLineA
HeapFree
GetACP
CompareStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
LCMapStringA
SetLastError
GetCPInfo
CompareStringW
TlsFree

user32

wvsprintfA
wsprintfA
CharNextA

advapi32

RegCreateKeyExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance
CoGetClassObject
CLSIDFromString
StringFromIID
StringFromCLSID
FreePropVariantArray
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysAllocStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TulipLog
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef0e4fb59dda13ec373d9aedc3c7b74c

Headers

File Characteristics

Imports

wiaservc

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 28KB - Virtual size: 33KB

TulipLog Size: 4KB - Virtual size: 8B

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 28KB - Virtual size: 33KB

TulipLog
Size: 4KB - Virtual size: 8B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 16KB - Virtual size: 14KB