2f3e7213640d3b432b4a776f79486a35_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2f3e7213640d3b432b4a776f79486a35_JaffaCakes118
Size

112KB
MD5

2f3e7213640d3b432b4a776f79486a35
SHA1

29faae3ae033e768848dae1c0c82dfb82a68ee6f
SHA256

752360fa2e2025d744e7f022a3efc93531ec918b2bccbb581b702634c9713444
SHA512

58bc3cec62c96a1dc481fd9205ec59f4436bd445d0e246dfa47589ca046bb8ac7f39557b05b16b8d8a431ed1ab851ffe3d824aa51005958a328d7cba83326356
SSDEEP

3072:djgOgvOGBdAFp2PDyXJdP+cUa/AYOj+I9yAX1g0uuNmfZOYpWRO:9JX1kRltLyZOY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f3e7213640d3b432b4a776f79486a35_JaffaCakes118

Files

2f3e7213640d3b432b4a776f79486a35_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f26119eb3fadedd71b98eca6a22f4912

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\dtrans\wntmsci12.pro\bin\dnd.pdb

Imports

sal3

rtl_compareMemory
rtl_getTextEncodingFromMimeCharset
rtl_getBestWindowsCharsetFromTextEncoding
rtl_ustr_valueOfInt64
rtl_ustr_valueOfInt32
rtl_string_release
rtl_uString2String
rtl_zeroMemory
rtl_copyMemory
rtl_ustr_compare_WithLength
rtl_uString_newConcat
rtl_ustr_getLength
rtl_getGlobalProcessId
osl_incrementInterlockedCount
rtl_ustr_toInt32
rtl_ustr_compareIgnoreAsciiCase_WithLength
rtl_uString_newFromStr_WithLength
rtl_uString_newFromStr
rtl_uString_acquire
rtl_uString_new
osl_getGlobalMutex
osl_releaseMutex
osl_acquireMutex
osl_destroyMutex
osl_createMutex
rtl_ustr_reverseCompare_WithLength
rtl_str_compare
rtl_freeMemory
rtl_allocateMemory
rtl_uString_newFromAscii
rtl_uString_assign
rtl_uString_release
rtl_string2UString
rtl_moduleCount_acquire
rtl_moduleCount_release
rtl_moduleCount_canUnload

cppu3

typelib_typedescriptionreference_acquire
typelib_static_sequence_type_init
uno_type_sequence_construct
uno_type_destructData
uno_type_sequence_reference2One
typelib_static_type_init
uno_type_assignData
uno_type_sequence_assign
typelib_typedescriptionreference_release
typelib_typedescriptionreference_assign
typelib_typedescriptionreference_equals
uno_any_construct
uno_type_any_construct
uno_type_any_assign
uno_type_sequence_realloc
typelib_static_type_getByTypeClass
uno_any_destruct

cppuhelper3msc

?acquire@OWeakObject@cppu@@UAAXXZ
??1OWeakObject@cppu@@MAE@XZ
??0OInterfaceIteratorHelper@cppu@@QAE@AAVOInterfaceContainerHelper@1@@Z
?next@OInterfaceIteratorHelper@cppu@@QAAPAVXInterface@uno@star@sun@com@@XZ
??1OInterfaceIteratorHelper@cppu@@QAE@XZ
?removeInterface@OMultiTypeInterfaceContainerHelper@cppu@@QAAJABVType@uno@star@sun@com@@ABV?$Reference@VXInterface@uno@star@sun@com@@@4567@@Z
?addInterface@OMultiTypeInterfaceContainerHelper@cppu@@QAAJABVType@uno@star@sun@com@@ABV?$Reference@VXInterface@uno@star@sun@com@@@4567@@Z
?getContainer@OMultiTypeInterfaceContainerHelper@cppu@@QBAPAVOInterfaceContainerHelper@2@ABVType@uno@star@sun@com@@@Z
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
?WeakComponentImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?release@OWeakObject@cppu@@UAAXXZ
??0OWeakObject@cppu@@QAE@XZ
?removeEventListener@WeakComponentImplHelperBase@cppu@@UAAXABV?$Reference@VXEventListener@lang@star@sun@com@@@uno@star@sun@com@@@Z
?addEventListener@WeakComponentImplHelperBase@cppu@@UAAXABV?$Reference@VXEventListener@lang@star@sun@com@@@uno@star@sun@com@@@Z
?dispose@WeakComponentImplHelperBase@cppu@@UAAXXZ
?release@WeakComponentImplHelperBase@cppu@@UAAXXZ
?acquire@WeakComponentImplHelperBase@cppu@@UAAXXZ
?disposing@WeakComponentImplHelperBase@cppu@@MAAXXZ
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
??0WeakComponentImplHelperBase@cppu@@IAE@AAVMutex@osl@@@Z
??1WeakComponentImplHelperBase@cppu@@UAE@XZ
?createSingleFactory@cppu@@YA?AV?$Reference@VXSingleServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@ABVOUString@rtl@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@0@ZABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?WeakComponentImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVWeakComponentImplHelperBase@1@@Z

uwinapi

RegisterClipboardFormatW
MultiByteToWideChar
WideCharToMultiByte
DragQueryFileW
GetClipboardFormatNameW

ole32

CoCreateInstance
CreateStreamOnHGlobal
GetHGlobalFromStream
OleUninitialize
CoTaskMemFree
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
CoGetCurrentProcess
OleInitialize
DoDragDrop
CoTaskMemAlloc
CoLockObjectExternal

gdi32

SetMetaFileBitsEx
SetEnhMetaFileBits
GetMetaFileBitsEx
GetEnhMetaFileBits
TranslateCharsetInfo

msvcr90

_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
??_U@YAPAXI@Z
memset
wcsncpy
_wcsicmp
memmove
strtol
??2@YAPAXI@Z
_beginthreadex
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
atol

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
GetOEMCP
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GlobalAlloc
GlobalSize
GlobalFree
GlobalLock
GlobalUnlock
GetACP
GetThreadLocale
IsBadReadPtr
IsBadWritePtr
CreateEventA
CreateThread
SetEvent
WaitForSingleObject
InterlockedIncrement
CloseHandle
GetCurrentThreadId
IsDebuggerPresent
InterlockedDecrement

user32

GetWindowThreadProcessId
PeekMessageA
AttachThreadInput
PostThreadMessageA
RegisterClipboardFormatA
ScreenToClient
GetMessageA
TranslateMessage
DispatchMessageA

stlport_vc7145

?length@?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QBEIXZ
??0?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QAE@PBGABV?$allocator@G@1@@Z
??4?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QAEAAV01@ABV01@@Z
?length@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIXZ
?find@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIABV12@I@Z
?find@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIPBDI@Z
?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z
?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z
?setf@ios_base@_STL@@QAEHHH@Z
??1runtime_error@_STL@@UAE@XZ
??0runtime_error@_STL@@QAE@ABV?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@1@@Z
?what@__Named_exception@_STL@@UBEPBDXZ
??1?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QAE@XZ
??0?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QAE@XZ
??1?$allocator@G@_STL@@QAE@XZ
??0?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$allocator@G@_STL@@QAE@XZ
?rfind@?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QBEIPBGI@Z
?c_str@?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QBEPBGXZ
??4runtime_error@_STL@@QAEAAV01@ABV01@@Z
?_M_put_nowiden@?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEXPBD@Z
?_M_put_char@?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEXD@Z
?fill@?$basic_ios@DV?$char_traits@D@_STL@@@_STL@@QAEDD@Z
??0?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QAE@ABV01@@Z
?width@ios_base@_STL@@QAEHH@Z
??1?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@XZ
??_D?$basic_ostringstream@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEXXZ
?str@?$basic_ostringstream@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBE?AV?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEAAV01@I@Z
??6?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostringstream@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@H@Z
??1?$allocator@D@_STL@@QAE@XZ
??0?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@PBDABV?$allocator@D@1@@Z
??0?$allocator@D@_STL@@QAE@XZ
??0runtime_error@_STL@@QAE@ABV01@@Z
??0__Named_exception@_STL@@QAE@ABV01@@Z
?_M_terminate_string@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@AAEXXZ
?_M_allocate_block@?$_String_base@DV?$allocator@D@_STL@@@_STL@@QAEXI@Z
??4?$basic_string@GV?$char_traits@G@_STL@@V?$allocator@G@2@@_STL@@QAEAAV01@PBG@Z
??1?$_String_base@DV?$allocator@D@_STL@@@_STL@@QAE@XZ
??0?$_String_base@DV?$allocator@D@_STL@@@_STL@@QAE@ABV?$allocator@D@1@@Z
?c_str@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEPBDXZ
??Y?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEAAV01@ABV01@@Z

Exports

Exports

GetVersionInfo
component_getFactory
component_getImplementationEnvironment
component_writeInfo

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f26119eb3fadedd71b98eca6a22f4912

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sal3

cppu3

cppuhelper3msc

uwinapi

ole32

gdi32

msvcr90

kernel32

user32

stlport_vc7145

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB