16ac3ee1a05653cee4a8a6767f2cecc8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16ac3ee1a05653cee4a8a6767f2cecc8_JaffaCakes118
Size

90KB
MD5

16ac3ee1a05653cee4a8a6767f2cecc8
SHA1

526276221377ab66d48de9497f78faec2c0b3661
SHA256

1fda557157389ea0c539bd556c413bce93ba70f00780e2b6dce5d271d2b590f6
SHA512

80b06212ddb036af85ae6a627c7c692c07a6d665fdffec259e0117e953b19dd5c286435ce51b27febdb0f2af7ebf26676a34c8ab5e7c298cbbae98eb8626fb20
SSDEEP

1536:wRaF7sJLadZGRvaFAIXm8URLinLEjMXwM03OAFF0iL2O798:CIsJ22iiIW8UKU0iL2O798

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16ac3ee1a05653cee4a8a6767f2cecc8_JaffaCakes118

Files

16ac3ee1a05653cee4a8a6767f2cecc8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

39d0e9589e69ade515d2263c2fdfb3f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\jvmfwk\wntmsci12.pro\bin\jvmfwk3.pdb

Imports

cppuhelper3msc

?bootstrap_expandUri@cppu@@YA?AVOUString@rtl@@ABV23@@Z

sal3

osl_searchFileURL
osl_getExecutableFile
rtl_uriConvertRelToAbs
rtl_bootstrap_get
osl_getModuleURLFromFunctionAddress
rtl_ustr_lastIndexOfChar_WithLength
rtl_ustr_indexOfChar_WithLength
rtl_string_newFromStr_WithLength
osl_getSystemTime
osl_createDirectoryPath
osl_getFileStatus
osl_getDirectoryItem
osl_releaseDirectoryItem
osl_setFileSize
osl_setFilePos
osl_closeFile
osl_openFile
rtl_fillMemory
rtl_byte_sequence_reference2One
rtl_byte_sequence_constructFromArray
rtl_byte_sequence_assign
rtl_byte_sequence_construct
rtl_ustr_valueOfInt64
rtl_str_getLength
osl_getSystemPathFromFileURL
rtl_bootstrap_get_from_handle
rtl_bootstrap_args_open
osl_getFileURLFromSystemPath
osl_getAbsoluteFileURL
rtl_uStringbuffer_insert_ascii
rtl_uStringbuffer_insert
rtl_uString_new_WithLength
rtl_uString_newFromAscii
rtl_ustr_valueOfInt32
rtl_uString_newFromStr_WithLength
rtl_ustr_toInt64
rtl_uString_getToken
rtl_uString_newTrim
rtl_uString_newConcat
rtl_uString_assign
osl_getThreadTextEncoding
osl_loadModule
rtl_allocateMemory
rtl_copyMemory
rtl_freeMemory
osl_getGlobalMutex
osl_releaseMutex
osl_acquireMutex
osl_destroyMutex
osl_createMutex
osl_getFunctionSymbol
osl_unloadModule
rtl_byte_sequence_equals
rtl_byte_sequence_release
rtl_byte_sequence_acquire
rtl_ustr_reverseCompare_WithLength
rtl_ustr_compare_WithLength
rtl_uString_release
rtl_string2UString
rtl_uString_acquire
rtl_uString_new
rtl_string_newConcat
rtl_str_reverseCompare_WithLength
rtl_str_compare_WithLength
rtl_string_assign
rtl_string_release
rtl_uString2String
rtl_string_newFromStr
rtl_string_acquire
rtl_string_new

libxml2

xmlNodeSetContent
xmlSaveFormatFile
xmlNewDoc
xmlNewDocComment
xmlNewDocNode
xmlNewNs
xmlDocSetRootElement
xmlNewComment
xmlAddPrevSibling
xmlSaveFormatFileEnc
xmlSetProp
xmlUnlinkNode
xmlFreeNode
xmlNewChild
xmlNodeSetContentLen
xmlGetNsProp
xmlDocGetRootElement
xmlSearchNsByHref
xmlXPathFreeObject
xmlXPathFreeContext
xmlFreeDoc
xmlCharStrdup
xmlFree
xmlNodeListGetString
xmlXPathEvalExpression
xmlXPathRegisterNs
xmlXPathNewContext
xmlParseFile
xmlGetProp
xmlStrcmp
xmlAddChild
xmlNewText
xmlSetNsProp
xmlNewTextChild

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

msvcr90

_except_handler4_common
__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
getenv
??2@YAPAXI@Z
??_U@YAPAXI@Z
__iob_func
fprintf
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
__CppXcptFilter
?terminate@@YAXXZ

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

stlport_vc7145

?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z
?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z

Exports

Exports

GetVersionInfo
jfw_addJRELocation
jfw_areEqualJavaInfo
jfw_existJRE
jfw_findAllJREs
jfw_findAndSelectJRE
jfw_freeJavaInfo
jfw_getEnabled
jfw_getJRELocations
jfw_getJavaInfoByPath
jfw_getSelectedJRE
jfw_getUserClassPath
jfw_getVMParameters
jfw_isVMRunning
jfw_lock
jfw_setEnabled
jfw_setJRELocations
jfw_setSelectedJRE
jfw_setUserClassPath
jfw_setVMParameters
jfw_startVM
jfw_unlock

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39d0e9589e69ade515d2263c2fdfb3f2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cppuhelper3msc

sal3

libxml2

advapi32

msvcr90

kernel32

stlport_vc7145

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB