07adc04fcbb48ece1a551a13003eccaf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07adc04fcbb48ece1a551a13003eccaf_JaffaCakes118
Size

61KB
MD5

07adc04fcbb48ece1a551a13003eccaf
SHA1

13738795f9ab302dda9db95559faac8d687bebdf
SHA256

27b25e77b9c1693f6fc4fe1af2bf688c7a0d2d307264339bf63d34e78a3185f2
SHA512

d620ed31ad0f6ad1ce7496db5814e18a348065c9445e9fac9bd9dc355ec4e3cc36420326f1af220dc6ffb80df3cdaec7615229b8835b93d026aefa442273f9bd
SSDEEP

1536:8MaL0yiVakqxVkDWzp9yjLhESsic2OKHiaRVZu:jRVEVBpoLhhbNOKCaRVZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07adc04fcbb48ece1a551a13003eccaf_JaffaCakes118

Files

07adc04fcbb48ece1a551a13003eccaf_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4f8efd28ed6483b4a3f2a78eaf856572

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\OOO320\src\binfilter\wntmsci12.pro\bin\bf_wrappermi.pdb

Imports

bf_svtmi

??1SvtModuleOptions@binfilter@@UAE@XZ
?SearchFile@SvtPathOptions@binfilter@@QAEEAAVString@@W4Pathes@12@@Z
??0SvtPathOptions@binfilter@@QAE@XZ
??1GraphicDescriptor@binfilter@@UAE@XZ
??1FilterConfigItem@binfilter@@QAE@XZ
??1SvtPathOptions@binfilter@@UAE@XZ
??0FilterConfigItem@binfilter@@QAE@ABVOUString@rtl@@@Z
?GetImportFormatTypeName@GraphicFilter@binfilter@@QAE?AVString@@G@Z
?GetImportFormatNumberForShortName@GraphicFilter@binfilter@@QAEGABVString@@@Z
?GetImportFormatShortName@GraphicDescriptor@binfilter@@SA?AVString@@G@Z
?Detect@GraphicDescriptor@binfilter@@UAEEE@Z
??0GraphicDescriptor@binfilter@@QAE@AAVSvStream@@PBVString@@@Z
?IsImpress@SvtModuleOptions@binfilter@@QBEEXZ
?IsDraw@SvtModuleOptions@binfilter@@QBEEXZ
?IsWriter@SvtModuleOptions@binfilter@@QBEEXZ
?ListenersGone@SfxBroadcaster@binfilter@@MAEXXZ
??0SvtModuleOptions@binfilter@@QAE@XZ
?IsModuleInstalled@SvtModuleOptions@binfilter@@QBEEW4EModule@12@@Z
?WriteInt32@FilterConfigItem@binfilter@@QAEXABVOUString@rtl@@J@Z

bf_ofami

??0OfficeApplication@binfilter@@QAE@XZ

vclmi

?GetSolarMutex@Application@@SAAAVIMutex@vos@@XZ

sotmi

?QueryDelete@SotObject@@UAEXXZ
?PutSuperClass@SotFactory@@QAEXPBV1@@Z
?GetError@SotStorage@@QBEKXZ
?SOTDATA@@YAPAUSotData_Impl@@XZ

sal3

osl_getThreadTextEncoding
rtl_ustr_asciil_reverseEquals_WithLength
rtl_createTextToUnicodeContext
rtl_convertTextToUnicode
rtl_ustr_ascii_compareIgnoreAsciiCase_WithLength
rtl_createTextToUnicodeConverter
rtl_uString_acquire
rtl_ustr_indexOfStr_WithLength
rtl_destroyTextToUnicodeContext
rtl_destroyTextToUnicodeConverter
osl_loadModuleRelative
osl_getSymbol
osl_incrementInterlockedCount
rtl_freeMemory
rtl_allocateMemory
osl_getGlobalMutex
osl_releaseMutex
osl_acquireMutex
osl_destroyMutex
osl_createMutex
rtl_uString_newFromAscii
rtl_ustr_ascii_compare_WithLength
rtl_ustr_compare_WithLength
rtl_uString_newConcat
rtl_uString_assign
rtl_uString_release
rtl_string2UString
rtl_uString_new
osl_unloadModule

tlmi

??5SvStream@@QAEAAV0@AAG@Z
??5SvStream@@QAEAAV0@AAD@Z
?First@Container@@QAEPAXXZ
?Next@Container@@QAEPAXXZ
?GetAppData@@YAPAPAXG@Z
?ToUpperAscii@String@@QAEAAV1@XZ
?SearchAscii@String@@QBEGPBDG@Z
?GetMainURL@INetURLObject@@QBE?AVOUString@rtl@@W4DecodeMechanism@1@G@Z
??0String@@QAE@ABVOUString@rtl@@@Z
??0INetURLObject@@QAE@ABVOUString@rtl@@W4EncodeMechanism@0@G@Z
?getExtension@INetURLObject@@QBE?AVOUString@rtl@@J_NW4DecodeMechanism@1@G@Z
??1INetURLObject@@QAE@XZ
?EqualsIgnoreCaseAscii@String@@QBEEPBD@Z
?ReleaseReference@SvRefBase@@QAEXXZ
??1SvGlobalName@@QAE@XZ
??4SvGlobalName@@QAEAAV0@ABV0@@Z
??0SvGlobalName@@QAE@KGGEEEEEEEE@Z
??0SvGlobalName@@QAE@XZ
??8SvGlobalName@@QBEEABV0@@Z
??1String@@QAE@XZ
??BString@@QBE?AVOUString@rtl@@XZ
??0String@@QAE@PBDGGK@Z
?CreateFromAscii@String@@SA?AV1@PBDG@Z
?CreateFromAscii@String@@SA?AV1@PBD@Z
?Seek@SvStream@@QAEKK@Z
?Read@SvStream@@QAEKPAXK@Z
?GetError@SvStream@@QBEKXZ
?EqualsAscii@String@@QBEEPBD@Z
?AssignAscii@String@@QAEAAV1@PBD@Z
??0String@@QAE@XZ
?Equals@String@@QBEEABV1@@Z
?AddRef@SvRefBase@@QAEKXZ
?Assign@String@@QAEAAV1@ABV1@@Z
?EqualsAscii@String@@QBEEPBDGG@Z
??5SvStream@@QAEAAV0@AAE@Z
?GetBufferAccess@String@@QAEPAGXZ
?ReleaseBufferAccess@String@@QAEXG@Z
?AllocBuffer@String@@QAEPAGG@Z
?Search@String@@QBEGABV1@G@Z
?Append@String@@QAEAAV1@ABV1@@Z
?CreateFromInt32@String@@SA?AV1@JF@Z
?Append@String@@QAEAAV1@G@Z
??1SvFileStream@@UAE@XZ
?Close@SvFileStream@@QAEXXZ
??0SvFileStream@@QAE@ABVString@@G@Z
??0ByteString@@QAE@XZ
??1ByteString@@QAE@XZ
?AppendAscii@String@@QAEAAV1@PBDG@Z
??0ByteString@@QAE@ABVString@@GK@Z
??0String@@QAE@ABV0@@Z
?CompareToAscii@String@@QBE?AW4StringCompare@@PBDG@Z
?Append@ByteString@@QAEAAV1@D@Z

cppu3

typelib_static_type_init
uno_any_destruct
typelib_static_type_getByTypeClass
typelib_static_sequence_type_init
uno_type_destructData
uno_type_sequence_construct
uno_type_sequence_reference2One

cppuhelper3msc

??1OWeakObject@cppu@@MAE@XZ
??0OWeakObject@cppu@@QAE@XZ
??1OInterfaceContainerHelper@cppu@@QAE@XZ
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?createOneInstanceFactory@cppu@@YA?AV?$Reference@VXSingleServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@ABVOUString@rtl@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@0@ZABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
?disposeAndClear@OInterfaceContainerHelper@cppu@@QAAXABUEventObject@lang@star@sun@com@@@Z
??0OInterfaceContainerHelper@cppu@@QAE@AAVMutex@osl@@@Z
?removeInterface@OInterfaceContainerHelper@cppu@@QAAJABV?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@@Z
?addInterface@OInterfaceContainerHelper@cppu@@QAAJABV?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@@Z
?release@OWeakObject@cppu@@UAAXXZ
?acquire@OWeakObject@cppu@@UAAXXZ
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ

bf_svxmi

?GetURLObject@SfxMedium@binfilter@@QBEABVINetURLObject@@XZ
?GetContainer@SfxFilterMatcher@binfilter@@QBEPAVSfxFilterContainer@2@ABVString@@@Z
?GetFilterMatcher@SfxApplication@binfilter@@QAEAAVSfxFilterMatcher@2@XZ
?GetName@SfxFilterContainer@binfilter@@QBE?BVString@@XZ
?GetOrigURL@SfxMedium@binfilter@@QBEABVString@@XZ
?Type@SfxModule@binfilter@@UBEP6APAXXZXZ
?IsA@SfxModule@binfilter@@UBEEP6APAXXZ@Z
??0SdrGlobalData@binfilter@@QAE@XZ
??1SdrGlobalData@binfilter@@QAE@XZ
??0SfxModule@binfilter@@QAA@PAVResMgr@@EPAVSfxObjectFactory@1@ZZ
?QueryUnload@SfxModule@binfilter@@MAEEXZ
?Free@SfxModule@binfilter@@UAEXXZ
?GetResMgr@SfxModule@binfilter@@UAEPAVResMgr@@XZ
??1SfxModule@binfilter@@UAE@XZ
?IsOf@SfxModule@binfilter@@SAEP6APAXXZ@Z
?ClassFactory@SfxInPlaceObject@binfilter@@SAPAVSotFactory@@XZ
??0SfxObjectFactory@binfilter@@QAE@ABVSvGlobalName@@ABVString@@P6APAXPAPAVSotObject@@@Z@Z
?SetDocumentServiceName@SfxObjectFactory@binfilter@@QAEXABVOUString@rtl@@@Z
?RegisterInitFactory@SfxObjectFactory@binfilter@@QAEXP6AXXZ@Z
?Construct@SfxObjectFactory@binfilter@@QAEXGP6APAVSfxObjectShell@2@W4SfxObjectCreateMode@2@@ZKPBD@Z
?GetGrfFilter@binfilter@@YAPAVGraphicFilter@1@XZ
?CloseInStream@SfxMedium@binfilter@@QAEXXZ
?GetPhysicalName@SfxMedium@binfilter@@QBEABVString@@XZ
?GetFilterContainer@SfxObjectFactory@binfilter@@QBEPAVSfxFactoryFilterContainer@2@E@Z
?IsStorage@SfxMedium@binfilter@@QAEEXZ
?GetStorage@SfxMedium@binfilter@@QAEPAVSvStorage@2@XZ
?GetFilter@SfxApplication@binfilter@@QBEPBVSfxFilter@2@ABVSfxObjectFactory@2@ABVString@@@Z
?GetInStream@SfxMedium@binfilter@@QAEPAVSvStream@@XZ
?GetOrCreate@SfxApplication@binfilter@@SAPAV12@XZ
?GetErrorCode@SfxMedium@binfilter@@QBEKXZ

utlmi

?CreateTempName@TempFile@utl@@SA?AVString@@PBV3@@Z
??1ConfigItem@utl@@UAE@XZ
?GetProperties@ConfigItem@utl@@IAE?AV?$Sequence@VAny@uno@star@sun@com@@@uno@star@sun@com@@ABV?$Sequence@VOUString@rtl@@@4567@@Z
??0ConfigItem@utl@@IAE@VOUString@rtl@@F@Z
?Notify@ConfigItem@utl@@UAEXABV?$Sequence@VOUString@rtl@@@uno@star@sun@com@@@Z
?Commit@ConfigItem@utl@@UAEXXZ
?ConvertPhysicalNameToURL@LocalFileHelper@utl@@SAEABVString@@AAV3@@Z

comphelp4msc

?getBOOL@comphelper@@YAEABVAny@uno@star@sun@com@@@Z

legacy_binfiltersmi

legcy_setBinfilterInitState
getLegacyProcessServiceFactory

msvcr90

_encoded_null
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
free
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memcpy
strncmp
_initterm
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ

kernel32

UnhandledExceptionFilter
GetProcAddress
LoadLibraryA
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary

bf_somi

??0SvStorage@binfilter@@QAE@ABVString@@GF@Z
??_DSvStorage@binfilter@@IAEXXZ
?OpenSotStream@SvStorage@binfilter@@QAEPAVSotStorageStream@@ABVString@@GF@Z
??_ESvStorage@binfilter@@MAEPAXI@Z
?IsStorageFile@SvStorage@binfilter@@SAEABVString@@@Z
?Register@SvFactory@binfilter@@QAEXXZ

Exports

Exports

GetVersionInfo
component_getFactory
component_getImplementationEnvironment
component_writeInfo

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f8efd28ed6483b4a3f2a78eaf856572

Headers

File Characteristics

PDB Paths

Imports

bf_svtmi

bf_ofami

vclmi

sotmi

sal3

tlmi

cppu3

cppuhelper3msc

bf_svxmi

utlmi

comphelp4msc

legacy_binfiltersmi

msvcr90

kernel32

bf_somi

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB