19244e43cbc3287586220dfea6e73260_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

19244e43cbc3287586220dfea6e73260_JaffaCakes118
Size

145KB
MD5

19244e43cbc3287586220dfea6e73260
SHA1

76cd79f83cf87946140c165c0686c65da0b95e06
SHA256

a40ddfdf1f38013c30f7b2b3a3777d11443791b38c620cff369b58a96e6a7afc
SHA512

c662e7d035538953e8c0903a7fc75e1fa186b979dd06d1b4d4215fd8100a17db0d5d77ad99c5f25020ee8099acb2eccbe959833ec4509777b9438148d9e6f921
SSDEEP

3072:yuoPFUBG34Nui9Lb4MVTQ5eD9EpeWPSfquLwlufy013O1c9Z:yjUBGeVV65AExS9y013O1c3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19244e43cbc3287586220dfea6e73260_JaffaCakes118

Files

19244e43cbc3287586220dfea6e73260_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5f59dd9dad2255b1299398844a4e8422

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\embedserv\wntmsci12.pro\bin\emsermi.pdb

Imports

sal3

osl_setThreadKeyData
osl_getThreadKeyData
rtl_uString_new
rtl_uString_acquire
rtl_uString_newFromStr
rtl_string2UString
osl_destroyThreadKey
rtl_ustr_ascii_compare_WithLength
osl_createMutex
osl_destroyMutex
rtl_getGlobalProcessId
osl_decrementInterlockedCount
osl_createThreadKey
osl_getGlobalMutex
osl_releaseMutex
osl_acquireMutex
osl_incrementInterlockedCount
rtl_freeMemory
rtl_allocateMemory
rtl_uString_newFromAscii
rtl_uString_newConcat
rtl_ustr_reverseCompare_WithLength
rtl_uString_assign
rtl_ustr_compare_WithLength
rtl_uString_release

cppu3

cppu_unsatisfied_iquery_msg
uno_type_assignData
uno_type_any_assign
uno_type_sequence_realloc
typelib_typedescriptionreference_release
typelib_typedescriptionreference_acquire
typelib_typedescriptionreference_assign
typelib_static_sequence_type_init
typelib_static_type_getByTypeClass
uno_type_sequence_assign
uno_type_equalData
uno_any_destruct
uno_type_any_construct
uno_any_construct
typelib_static_type_init
typelib_typedescriptionreference_equals
uno_type_sequence_reference2One
uno_type_destructData
uno_type_sequence_construct

cppuhelper3msc

?createOneInstanceFactory@cppu@@YA?AV?$Reference@VXSingleServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@ABVOUString@rtl@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@0@ZABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
?acquire@OWeakObject@cppu@@UAAXXZ
?getElements@OInterfaceContainerHelper@cppu@@QBA?AV?$Sequence@V?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@@uno@star@sun@com@@XZ
?getLength@OInterfaceContainerHelper@cppu@@QBAJXZ
?clear@WeakReferenceHelper@uno@star@sun@com@@QAAXXZ
?disposeAndClear@OInterfaceContainerHelper@cppu@@QAAXABUEventObject@lang@star@sun@com@@@Z
?removeInterface@OInterfaceContainerHelper@cppu@@QAAJABV?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@@Z
??0OInterfaceContainerHelper@cppu@@QAE@AAVMutex@osl@@@Z
?addInterface@OInterfaceContainerHelper@cppu@@QAAJABV?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@@Z
??0WeakReferenceHelper@uno@star@sun@com@@QAE@ABV?$Reference@VXInterface@uno@star@sun@com@@@1234@@Z
??1OInterfaceContainerHelper@cppu@@QAE@XZ
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?get@WeakReferenceHelper@uno@star@sun@com@@QBA?AV?$Reference@VXInterface@uno@star@sun@com@@@2345@XZ
??4WeakReferenceHelper@uno@star@sun@com@@QAAAAV01234@ABV?$Reference@VXInterface@uno@star@sun@com@@@1234@@Z
??1WeakReferenceHelper@uno@star@sun@com@@QAE@XZ
??1OImplementationId@cppu@@QAE@XZ
??0OTypeCollection@cppu@@QAE@ABVType@uno@star@sun@com@@0ABV?$Sequence@VType@uno@star@sun@com@@@3456@@Z
?queryInterface@OWeakObject@cppu@@UAA?AVAny@uno@star@sun@com@@ABVType@4567@@Z
?getImplementationId@OImplementationId@cppu@@QBA?AV?$Sequence@C@uno@star@sun@com@@XZ
??0OWeakObject@cppu@@QAE@XZ
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
??1OWeakObject@cppu@@MAE@XZ
?release@OWeakObject@cppu@@UAAXXZ

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CreateDataAdviseHolder
StgCreateDocfile
WriteFmtUserTypeStg
CoGetMalloc
CoTaskMemFree
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance

gdi32

SetRectRgn
SelectObject
SelectClipRgn
GetClipBox
PatBlt
CreateBitmap
CreateRectRgnIndirect
SetMapMode
LPtoDP
CreateRectRgn
CombineRgn
DeleteObject
CreatePen
RestoreDC
CreateSolidBrush
SetBkMode
UnrealizeObject
Rectangle
SetROP2
CreatePatternBrush
SetViewportOrgEx
SetWindowOrgEx

oleaut32

SysFreeString
VariantClear
VarUI4FromStr

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

msvcr90

??_V@YAXPAX@Z
_CxxThrowException
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
strstr
malloc
free
memcpy_s
strncpy_s
_resetstkoflw
_recalloc
??_U@YAPAXI@Z
memmove_s
?terminate@@YAXXZ
_unlock
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
??0exception@std@@QAE@ABV01@@Z
__dllonexit
wcsncpy

uwinapi

GetMenuItemInfoW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
SetWindowLongA
GetWindowLongA
SetMenuItemInfoW

kernel32

DeleteCriticalSection
InitializeCriticalSection
RaiseException
LoadLibraryA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetProfileIntA
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetLastError

user32

DispatchMessageA
EqualRect
GetMessageA
ReleaseCapture
CopyRect
SetRectEmpty
ClientToScreen
InflateRect
IntersectRect
SetWindowPos
LoadCursorA
RegisterClassA
DefWindowProcA
SendMessageA
GetCursorPos
ScreenToClient
GetParent
BeginPaint
EndPaint
CreateWindowExA
IsWindow
DestroyWindow
CharNextA
RegisterClipboardFormatA
GetDC
ReleaseDC
SetFocus
CreateMenu
GetMenuItemCount
GetWindow
ShowWindow
SetParent
GetClientRect
SetWindowRgn
SetRect
GetSubMenu
GetMenuStringA
InsertMenuA
UpdateWindow
SetCapture
GetCapture
PtInRect
SetCursor
FillRect
GetDCEx

stlport_vc7145

?_M_fill_insert@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXPAPAXIABQAX@Z
?get_allocator@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QBE?AV?$allocator@PAX@2@XZ
??0?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@IABQAXABV?$allocator@PAX@1@@Z
?swap@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXAAV12@@Z
?clear@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXXZ
?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z
??0?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@ABV?$allocator@PAX@1@@Z
??1?$allocator@PAX@_STL@@QAE@XZ
?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z
??1?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@XZ
?reserve@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXI@Z

Exports

Exports

GetVersionInfo
component_getFactory
component_getImplementationEnvironment
component_writeInfo

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f59dd9dad2255b1299398844a4e8422

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sal3

cppu3

cppuhelper3msc

ole32

gdi32

oleaut32

advapi32

msvcr90

uwinapi

kernel32

user32

stlport_vc7145

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB