422d6b94b85973f6f225b7e6ae26cdbd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

422d6b94b85973f6f225b7e6ae26cdbd_JaffaCakes118
Size

372KB
MD5

422d6b94b85973f6f225b7e6ae26cdbd
SHA1

9f929f0eab4e07fbcd3766d187e93a236f7bdda6
SHA256

529f5726ec0d355fab85803904acf8bed95dc4d21e4e6f9e62d2b09e9d77066b
SHA512

26b235dfa5c2c8085dc99e438ada3efe9159422bb450fce20961aa6e448648099d73e5faca8f9444013607496ce77ec06af9fc8f165fee8aebf99e487e64b63b
SSDEEP

6144:2clEkvTL732rgUhk2CjNcqt4ORKyLrxhpYsz1TjL4VBqXBB3:2c6Ef732rgxRjWqFLHxhpYKGq9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
422d6b94b85973f6f225b7e6ae26cdbd_JaffaCakes118

Files

422d6b94b85973f6f225b7e6ae26cdbd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4fbf46bc9e7a7e8f0f1b56f525c0091a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wiaservc

wiasSetPropChanged
wiasGetRootItem
wiasSetItemPropAttribs
wiasWriteMultiple
wiasReadPropLong
wiasSetItemPropNames
wiasValidateItemProperties
wiasWritePropStr
wiasReadPropGuid
wiasWritePropGuid
wiasReadPropStr
wiasGetChangedValueLong
wiasGetImageInformation
wiasCreateDrvItem
wiasWritePropLong
wiasReadMultiple
wiasGetItemType
wiasCreatePropContext
wiasFreePropContext
wiasUpdateScanRect
wiasUpdateValidFormat
wiasGetDrvItem
wiasWritePageBufToFile

kernel32

SetEnvironmentVariableA
Sleep
GetProcessHeap
SetEndOfFile
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateEventA
CloseHandle
DeleteFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetSystemTime
lstrcpyW
GetUserDefaultLangID
GetSystemDefaultLangID
GetTickCount
CreateSemaphoreA
GetCurrentProcessId
WaitForSingleObject
ReleaseSemaphore
GetTempPathA
OutputDebugStringA
InterlockedExchange
GetCurrentThreadId
SetEvent
IsBadWritePtr
GetVersionExA
ResetEvent
GetOverlappedResult
WaitForMultipleObjects
GetLastError
DeviceIoControl
SetFilePointer
RtlUnwind
GetModuleHandleA
GetStdHandle
GetOEMCP
GetACP
GetUserDefaultLCID
VirtualFree
HeapCreate
GetEnvironmentStringsW
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers
HeapFree
GetCommandLineA
TlsAlloc
ExitProcess
HeapSize
GetTimeZoneInformation
WriteFile
GetSystemTimeAsFileTime
RaiseException
ExitThread
TlsSetValue
TlsGetValue
CreateThread
TlsFree
SetLastError
HeapAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
CompareStringA
GetCPInfo
CompareStringW

user32

wsprintfA
CharNextA
wvsprintfA

advapi32

RegOpenKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoGetClassObject
CLSIDFromString
StringFromIID
StringFromCLSID
FreePropVariantArray
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysAllocStringLen
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TulipLog
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fbf46bc9e7a7e8f0f1b56f525c0091a

Headers

File Characteristics

Imports

wiaservc

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 28KB - Virtual size: 33KB

TulipLog Size: 4KB - Virtual size: 8B

.rsrc Size: 104KB - Virtual size: 101KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 28KB - Virtual size: 33KB

TulipLog
Size: 4KB - Virtual size: 8B

.rsrc
Size: 104KB - Virtual size: 101KB

.reloc
Size: 16KB - Virtual size: 14KB