O:\SRC680\src\so3\wntmsci10.pro\bin\so680mi.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 26086afd10449bed2bf79061aa818378_JaffaCakes118.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 26086afd10449bed2bf79061aa818378_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
- Target: 26086afd10449bed2bf79061aa818378_JaffaCakes118
- Size: 332KB
- MD5: 26086afd10449bed2bf79061aa818378
- SHA1: 0091399e288549364d375f8ca9b2960a6292223a
- SHA256: 047802c7c4a6db1ab65699c096960e71763e8b41bf24f20c9be0babc4576b5d5
- SHA512: 89e5b34bb3ab3fd6946c2b0a172fac3f00ea95cdcd9307c5c09e18e6446a4df8746bf8c24f650eea7894a0f91a4a0b5e8302d58b2793adf3dcdf0dc540582ef3
- SSDEEP: 6144:NlZZyf3c5tRaSz4EfJ75iII2LFTbrBcWKlA/CZrSuyNghxZ6fQpXW4L:NlOfifzNJ7IIXBTbrBcdlA/CZrSuyNgN
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 26086afd10449bed2bf79061aa818378_JaffaCakes118
Files
-
26086afd10449bed2bf79061aa818378_JaffaCakes118.dll windows:4 windows x86 arch:x86
784c8c9610fa0e8aa5024a8eab09d4b2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
svt680mi
vcl680mi
svl680mi
sot680mi
utl680mi
ord628
ord626
ord630
ord658
ord599
tl680mi
vos3msc
comphelp4msc
ord748
cppuhelper3msc
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
??1OWeakObject@cppu@@MAE@XZ
?acquire@OWeakObject@cppu@@UAAXXZ
?release@OWeakObject@cppu@@UAAXXZ
?queryInterface@OWeakObject@cppu@@UAA?AVAny@uno@star@sun@com@@ABVType@4567@@Z
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
??0OWeakObject@cppu@@QAE@XZ
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
cppu3
typelib_typedescriptionreference_equals
typelib_static_type_getByTypeClass
uno_any_construct
uno_type_any_construct
uno_any_destruct
uno_type_any_assign
typelib_static_type_init
uno_type_assignData
typelib_static_sequence_type_init
typelib_typedescriptionreference_acquire
typelib_typedescriptionreference_release
uno_type_sequence_assign
uno_type_sequence_realloc
uno_type_sequence_reference2One
uno_type_destructData
uno_type_sequence_construct
sal3
rtl_uString_new
rtl_uString_acquire
rtl_uString_release
rtl_uString_assign
rtl_ustr_compare_WithLength
rtl_ustr_shortenedCompare_WithLength
rtl_uString_newFromAscii
rtl_allocateMemory
rtl_freeMemory
osl_decrementInterlockedCount
osl_incrementInterlockedCount
rtl_copyMemory
rtl_string2UString
rtl_uString_newConcat
rtl_ustr_ascii_compare_WithLength
rtl_uString_newToAsciiLowerCase
rtl_ustr_toInt32
osl_getThreadTextEncoding
rtl_getGlobalProcessId
osl_releaseMutex
osl_acquireMutex
osl_getGlobalMutex
osl_getFileURLFromSystemPath
ucbhelper3msc
ord36
ord62
ord78
ole32
OleCreate
OleSetContainedObject
CreateDataCache
ReadClassStg
OleGetIconOfClass
OleDraw
OleCreateFromData
OleRun
StgCreateDocfile
ReleaseStgMedium
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleSave
WriteClassStg
GetHGlobalFromILockBytes
OleRegGetUserType
CoTaskMemFree
GetClassFile
OleGetClipboard
OleQueryCreateFromData
OleInitialize
OleLoad
CoGetMalloc
StringFromCLSID
ProgIDFromCLSID
ReadFmtUserTypeStg
WriteFmtUserTypeStg
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
CreateItemMoniker
MkParseDisplayName
OleCreateLinkToFile
OleCreateFromFile
CoIsOle1Class
SetConvertStg
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
GetRunningObjectTable
CreateBindCtx
CoFileTimeNow
OleIsRunning
advapi32
RegQueryValueA
gdi32
SelectObject
LPtoDP
DeleteMetaFile
GetMetaFileBitsEx
GetStockObject
DeleteObject
PatBlt
SetTextColor
CreatePatternBrush
CreateBitmap
CreatePen
SetBkMode
SetBkColor
ExtTextOutA
SetMapMode
DPtoLP
GetDeviceCaps
Rectangle
j680mi_g
ord54
ord44
ord49
ord20
ord22
msvcr71
_onexit
__dllonexit
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
malloc
_initterm
free
wcslen
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??2@YAPAXI@Z
_purecall
__CxxFrameHandler
??1exception@@UAE@XZ
??3@YAXPAX@Z
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
__CppXcptFilter
??1type_info@@UAE@XZ
uwinapi
WideCharToMultiByte
snprintf
MultiByteToWideChar
kernel32
FindFirstFileA
FindClose
lstrlenA
GlobalFree
lstrcpynA
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
MulDiv
WinExec
DisableThreadLibraryCalls
user32
ReleaseDC
GetDC
RegisterClipboardFormatA
MessageBeep
GetSysColor
SetRect
GetClientRect
InvertRect
InflateRect
FrameRect
CopyRect
GetActiveWindow
stlport_vc7145
?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z
?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z
?_M_decrement@?$_Rb_global@_N@_STL@@SAPAU_Rb_tree_node_base@2@PAU32@@Z
?_Rebalance@?$_Rb_global@_N@_STL@@SAXPAU_Rb_tree_node_base@2@AAPAU32@@Z
?_M_increment@?$_Rb_global@_N@_STL@@SAPAU_Rb_tree_node_base@2@PAU32@@Z
Exports
GetVersionInfo
IsEqualGUID
StarObject_AllocObjectDescriptor@48
StarObject_ConvertStringToANSI@8
StarObject_CopyString@4
StarObject_CreateFileMoniker@8
StarObject_CreateItemMoniker@12
StarObject_CreateStorageOnHGlobal@4
StarObject_DoConvert@8
StarObject_GetLinkSourceData@16
StarObject_GetUserTypeOfClass@16
StarObject_MetafilePictIconFree@4
StarObject_MkParseDisplayName@16
StarObject_NoteChangeTime@12
StarObject_ObjectDescriptorFromOleObject@20
StarObject_OleCreateFromFile@32
StarObject_OleCreateLinkToFile@28
StarObject_ProgIDFromCLSID@8
StarObject_ReadFmtUserTypeStg@12
StarObject_RegisterAsRunning@16
StarObject_RevokeAsRunning@4
StarObject_SetIconInCache@8
StarObject_StgCreateDocfile@16
StarObject_StgIsStorageFile@4
StarObject_StgOpenStorage@24
StarObject_StringFromCLSID@8
StarObject_StringFromGUID2@12
StarObject_SwitchDisplayAspect@32
StarObject_WriteFmtUserTypeStg@12
UIDrawHandles@20
UIDrawShading@16
UIShowObject@12
_TI2?AVbad_alloc@std@@
_real@0000000000000000
_real@3fe0000000000000
_real@408f400000000000
_real@41f0000000000000
component_getDescriptionFunc
Sections
.text Size: 208KB - Virtual size: 205KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ