fe2289a43c9e8c58dd57c1887f025bc2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fe2289a43c9e8c58dd57c1887f025bc2_JaffaCakes118
Size

92KB
MD5

fe2289a43c9e8c58dd57c1887f025bc2
SHA1

d69f1a2f77a8f18ea1b56583a39446682a21cc16
SHA256

553c8ad5b99c5047292211615eb545c99a07e7629075eeb41caafce0dbed7c2d
SHA512

01cbb8de72db29b71d154e07c2ca7f77c8960c9504eac4688d0b1ad2eb03ad1243c2b2b98af3805b6dd2e2c14155abae975a0d0cefa1d1b14e0f7136d3aaf635
SSDEEP

1536:WWYnUICHiZGI6S0PxjbGZaDXuwL5n/NzJirLjm+4QtHr5Vh0M8l3lbQF8NDJmnOK:WWh5S0Pxjb/h5a+QtHr5Vh0MQIi9mnOK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe2289a43c9e8c58dd57c1887f025bc2_JaffaCakes118

Files

fe2289a43c9e8c58dd57c1887f025bc2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

acdad0e02e7b574c87883a1c7a837602

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\filter\wntmsci12.pro\bin\icgmi.pdb

Imports

tkmi

?CreateBitmap@VCLUnoHelper@@SA?AV?$Reference@VXBitmap@awt@star@sun@com@@@uno@star@sun@com@@ABVBitmapEx@@@Z

vclmi

??0Bitmap@@QAE@ABVSize@@GPBVBitmapPalette@@@Z
?AcquireWriteAccess@Bitmap@@QAEPAVBitmapWriteAccess@@XZ
?SetPixel@BitmapWriteAccess@@QAEXJJABVBitmapColor@@@Z
?SetPaletteEntryCount@BitmapWriteAccess@@QAEXG@Z
?SetPaletteColor@BitmapWriteAccess@@QAEXGABVBitmapColor@@@Z
??1BitmapColor@@QAE@XZ
?ReleaseAccess@Bitmap@@QAEXPAVBitmapReadAccess@@@Z
?Expand@Bitmap@@QAEEKKPBVColor@@@Z
??1Bitmap@@QAE@XZ
?Mirror@Bitmap@@QAEEK@Z
??0BitmapEx@@QAE@ABVBitmap@@@Z
??1BitmapEx@@QAE@XZ
?Stop@GDIMetaFile@@QAEXXZ
??0MapMode@@QAE@XZ
??4MapMode@@QAEAAV0@ABV0@@Z
??1MapMode@@QAE@XZ
??0Graphic@@QAE@ABVGDIMetaFile@@@Z
??4Graphic@@QAEAAV0@ABV0@@Z
??1Graphic@@UAE@XZ
?CopyPixel@Bitmap@@QAEEABVRectangle@@0PBV1@@Z

utlmi

?getProcessServiceFactory@utl@@YA?AV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@XZ
?CreateStream@UcbStreamHelper@utl@@SAPAVSvStream@@ABVString@@GPAVUcbLockBytesHandler@2@E@Z

tlmi

??0Polygon@@QAE@GPBVPoint@@PBE@Z
?GetObject@Container@@QBEPAXK@Z
??0Polygon@@QAE@G@Z
?SetPoint@Polygon@@QAEXABVPoint@@G@Z
??0PolyPolygon@@QAE@GG@Z
?Insert@PolyPolygon@@QAEXABVPolygon@@G@Z
??1PolyPolygon@@QAE@XZ
??0Polygon@@QAE@ABVRectangle@@ABVPoint@@1W4PolyStyle@@@Z
?SetFlags@Polygon@@QAEXGW4PolyFlags@@@Z
?Insert@Container@@QAEXPAX@Z
??0Rectangle@@QAE@ABVPoint@@ABVSize@@@Z
?Count@PolyPolygon@@QBEGXZ
?GetPoint@Polygon@@QBEABVPoint@@G@Z
?GetObject@PolyPolygon@@QBEABVPolygon@@G@Z
??0Polygon@@QAE@ABV0@@Z
??1Polygon@@QAE@XZ
?GetFlags@Polygon@@QBE?AW4PolyFlags@@G@Z
?GetSize@Polygon@@QBEGXZ
??APolygon@@QAEAAVPoint@@G@Z
?CreateFromAscii@String@@SA?AV1@PBD@Z
??BString@@QBE?AVOUString@rtl@@XZ
??1String@@QAE@XZ
?Get@Table@@QBEPAXK@Z
??0Table@@QAE@GG@Z
?GetKey@Table@@QBEKPBX@Z
??1Table@@QAE@XZ
?GetPos@Container@@QBEKPBX@Z
?Remove@Container@@QAEPAXK@Z
?Insert@Container@@QAEXPAXK@Z
?First@Table@@QAEPAXXZ
?Next@Table@@QAEPAXXZ
?Insert@Table@@QAEEKPAX@Z
?SetNumberFormatInt@SvStream@@QAEXG@Z
?Seek@SvStream@@QAEKK@Z
?Clear@Container@@QAEXXZ
?Read@SvStream@@QAEKPAXK@Z
?SeekRel@SvStream@@QAEKJ@Z
?First@Container@@QAEPAXXZ
?Next@Container@@QAEPAXXZ
??6SvStream@@QAEAAV0@PBD@Z
?WriteNumber@SvStream@@QAEAAV1@K@Z
??6SvStream@@QAEAAV0@C@Z
??0Container@@QAE@GGG@Z
??1Container@@QAE@XZ
?Clear@PolyPolygon@@QAEXXZ

cppu3

uno_type_sequence_construct
uno_any_construct
uno_type_any_construct
uno_any_destruct
uno_type_any_assign
typelib_static_type_init
uno_type_assignData
uno_type_destructData
typelib_static_type_getByTypeClass
uno_type_sequence_realloc
uno_type_sequence_reference2One
typelib_static_sequence_type_init

sal3

rtl_uString_newFromAscii
rtl_uString_new
rtl_uString_assign
rtl_uString_release

msvcr90

__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
memcpy
_CIsin
_CIcos
_CIsqrt
_CIacos
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
memset
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
InterlockedExchange

Exports

Exports

GetVersionInfo
ImportCGM

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acdad0e02e7b574c87883a1c7a837602

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

tkmi

vclmi

utlmi

tlmi

cppu3

sal3

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB