0ed6819e3f3e78812058d0f5bcda0810_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ed6819e3f3e78812058d0f5bcda0810_JaffaCakes118
Size

57KB
MD5

0ed6819e3f3e78812058d0f5bcda0810
SHA1

9dcae83eae5d70ea71b2ad4e3f7ba8773b3de28e
SHA256

9b50920295c19510c4b4de3dd98e39cf8ba6bbc6841fe18491ad0b7c486ee9c1
SHA512

12495872725f54d331200c6ccfae84d45287e6ce5eba46feff5b76b81d3c7669a66461b1bd45572f7db9abe2a1134349a85fa286135cad069f2e835295717357
SSDEEP

1536:v3K21pkFNPPBV5udgVraYO3YAATi5DqmQwPXOhrEi:S27kfPPFudgVzADzQ4XOhrE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ed6819e3f3e78812058d0f5bcda0810_JaffaCakes118

Files

0ed6819e3f3e78812058d0f5bcda0810_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b3556630ec8935125f14d2974118223b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\AOO\sources\builds\main\avmedia\wntmsci12.pro\bin\avmediawin.pdb

Imports

cppu3

uno_type_assignData
uno_type_sequence_reference2One
typelib_static_type_init
uno_any_destruct
uno_type_destructData
uno_type_sequence_construct
typelib_static_type_getByTypeClass
typelib_static_sequence_type_init

sal3

rtl_uString_newFromAscii
rtl_ustr_asciil_reverseEquals_WithLength
osl_incrementInterlockedCount
osl_acquireMutex
osl_releaseMutex
osl_getGlobalMutex
osl_createMutex
osl_destroyMutex
rtl_uString_new
rtl_string2UString
rtl_str_compare
rtl_freeMemory
rtl_allocateMemory
rtl_uString_release
rtl_uString_assign

cppuhelper3msc

?dispose@WeakComponentImplHelperBase@cppu@@UAAXXZ
??1OMultiTypeInterfaceContainerHelper@cppu@@QAE@XZ
?addInterface@OMultiTypeInterfaceContainerHelper@cppu@@QAAJABVType@uno@star@sun@com@@ABV?$Reference@VXInterface@uno@star@sun@com@@@4567@@Z
?removeInterface@OMultiTypeInterfaceContainerHelper@cppu@@QAAJABVType@uno@star@sun@com@@ABV?$Reference@VXInterface@uno@star@sun@com@@@4567@@Z
?createSingleFactory@cppu@@YA?AV?$Reference@VXSingleServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@ABVOUString@rtl@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@0@ZABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
??1OWeakObject@cppu@@MAE@XZ
??0OWeakObject@cppu@@QAE@XZ
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
?acquire@OWeakObject@cppu@@UAAXXZ
?release@OWeakObject@cppu@@UAAXXZ
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
??1WeakComponentImplHelperBase@cppu@@UAE@XZ
?acquire@WeakComponentImplHelperBase@cppu@@UAAXXZ
?release@WeakComponentImplHelperBase@cppu@@UAAXXZ
?WeakComponentImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?addEventListener@WeakComponentImplHelperBase@cppu@@UAAXABV?$Reference@VXEventListener@lang@star@sun@com@@@uno@star@sun@com@@@Z
?removeEventListener@WeakComponentImplHelperBase@cppu@@UAAXABV?$Reference@VXEventListener@lang@star@sun@com@@@uno@star@sun@com@@@Z
??1OInterfaceIteratorHelper@cppu@@QAE@XZ
??0WeakComponentImplHelperBase@cppu@@IAE@AAVMutex@osl@@@Z
?WeakComponentImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVWeakComponentImplHelperBase@1@@Z
??0OMultiTypeInterfaceContainerHelper@cppu@@QAE@AAVMutex@osl@@@Z
?getContainer@OMultiTypeInterfaceContainerHelper@cppu@@QBAPAVOInterfaceContainerHelper@2@ABVType@uno@star@sun@com@@@Z
??0OInterfaceIteratorHelper@cppu@@QAE@AAVOInterfaceContainerHelper@1@@Z
?next@OInterfaceIteratorHelper@cppu@@QAAPAVXInterface@uno@star@sun@com@@XZ

utl

?ConvertURLToPhysicalName@LocalFileHelper@utl@@SAEABVString@@AAV3@@Z

tl

??0SvMemoryStream@@QAE@PAXKG@Z
??1SvMemoryStream@@UAE@XZ
??1INetURLObject@@QAE@XZ
??0String@@QAE@XZ
??0String@@QAE@ABVOUString@rtl@@@Z
??1String@@QAE@XZ
??0INetURLObject@@QAE@ABVOUString@rtl@@W4EncodeMechanism@0@G@Z
?GetMainURL@INetURLObject@@QBE?AVOUString@rtl@@W4DecodeMechanism@1@G@Z

vcl

?Read@Bitmap@@QAEEAAVSvStream@@E@Z
??0Graphic@@QAE@ABVBitmap@@@Z
?GetXGraphic@Graphic@@QBE?AV?$Reference@VXGraphic@graphic@star@sun@com@@@uno@star@sun@com@@XZ
??1Graphic@@UAE@XZ
??1Bitmap@@QAE@XZ
??0Bitmap@@QAE@XZ

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString

gdi32

GetStockObject

msvcr90

_decode_pointer
_initterm
_initterm_e
_amsg_exit
_encoded_null
free
_malloc_crt
_encode_pointer
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
memset
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
__CppXcptFilter
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_adjust_fdiv

uwinapi

GetWindowLongA
SetWindowLongA
EnableWindow

kernel32

GetVersionExA
GetModuleHandleA
InterlockedExchange
Sleep
InterlockedCompareExchange
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

DefWindowProcA
DestroyWindow
ShowWindow
CreateWindowExA
RegisterClassA
LoadCursorA
SetCursor
RedrawWindow
SetWindowPos
GetClientRect
SetFocus
ScreenToClient
GetCursorPos
WindowFromDC

Exports

Exports

GetVersionInfo
component_getFactory
component_getImplementationEnvironment

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3556630ec8935125f14d2974118223b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cppu3

sal3

cppuhelper3msc

utl

tl

vcl

ole32

oleaut32

gdi32

msvcr90

uwinapi

kernel32

user32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB