39bf3b887705ca9dca533d4bdbf659cd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

39bf3b887705ca9dca533d4bdbf659cd_JaffaCakes118
Size

151KB
MD5

39bf3b887705ca9dca533d4bdbf659cd
SHA1

054528024f4ece5fe5712549b99ef5b0b0c508e7
SHA256

83266f9b8e34717420554443c3ff6ab57940584bf30ef41562912030a8a60282
SHA512

27ba6823a2828ca61e8f72621d9cb40f89516eb42f0efbaa980dd15f02dc72d03fd21706022459cbf76f2cf8e86a62b99a974c6aa8ab42d3939cca575e046b3f
SSDEEP

3072:CdjyH/4sZTgEBMnx21kRlZ3FyT1OVkoshX3RAURJ4JvRY5A17X8pXOfbw:UjyH/4sZTgiM81kRT3W92WkvKU8pXOD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39bf3b887705ca9dca533d4bdbf659cd_JaffaCakes118

Files

39bf3b887705ca9dca533d4bdbf659cd_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f8a33da62c49954cf54f116dfd4d6d58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\l10ntools\wntmsci12.pro\bin\helplinkermi.pdb

Imports

sal3

osl_waitThread
osl_createDirectoryPath
osl_removeDirectory
osl_getThreadTextEncoding
osl_closeDirectory
osl_openDirectory
osl_removeFile
osl_moveFile
osl_copyFile
osl_getGlobalTimer
rtl_string_newFromStr
osl_getProcessWorkingDir
osl_getFileStatus
osl_getDirectoryItem
osl_releaseDirectoryItem
osl_readFile
osl_closeFile
osl_openFile
rtl_fillMemory
osl_getFileURLFromSystemPath
osl_getSystemPathFromFileURL
osl_getAbsoluteFileURL
rtl_uString_newFromAscii
rtl_uString_newConcat
rtl_uString_assign
rtl_uString_release
rtl_string2UString
rtl_uString_newFromStr_WithLength
rtl_uString_acquire
rtl_uString_new
rtl_string_release
rtl_uString2String
osl_getNextDirectoryItem

libxslt

xsltApplyStylesheet
xsltParseStylesheetFile
xsltFreeStylesheet

libxml2

xmlDocGetRootElement
xmlCopyDoc
xmlDocSetRootElement
xmlXPathNewContext
xmlXPathEvalExpression
xmlXPathFreeContext
xmlStrcmp
xmlXPathFreeObject
xmlCopyNode
xmlGetProp
xmlAddChild
xmlParseFile
xmlSubstituteEntitiesDefault
__xmlLoadExtDtdDefaultValue
xmlNodeIsText
xmlNodeGetContent
xmlFree
__xmlKeepBlanksDefaultValue
xmlFreeDoc
xmlSetStructuredErrorFunc

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_onexit
__dllonexit
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
malloc
realloc
free
memcpy
??_U@YAPAXI@Z
??_V@YAXPAX@Z
exit
toupper
tolower
fopen
fclose
??2@YAPAXI@Z
isalnum
strchr
fprintf
fwrite
__iob_func
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memset
memmove
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
_lock

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange

stlport_vc7145

??1?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@XZ
??1?$allocator@D@_STL@@QAE@XZ
??0?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@XZ
??0?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@ABV01@@Z
??Y?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEAAV01@D@Z
??4?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEAAV01@PBD@Z
?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z
?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z
?_M_put_nowiden@?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEXPBD@Z
?flush@?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEAAV12@XZ
?put@?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEAAV12@D@Z
?widen@?$basic_ios@DV?$char_traits@D@_STL@@@_STL@@QBEDD@Z
??1?$_Isentry@DV?$char_traits@D@_STL@@@_STL@@QAE@XZ
?clear@?$basic_ios@DV?$char_traits@D@_STL@@@_STL@@QAEXH@Z
?sputbackc@?$basic_streambuf@DV?$char_traits@D@_STL@@@_STL@@QAEHD@Z
?push_back@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEXD@Z
?sbumpc@?$basic_streambuf@DV?$char_traits@D@_STL@@@_STL@@QAEHXZ
?reserve@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEXI@Z
?clear@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEXXZ
??0?$_Isentry@DV?$char_traits@D@_STL@@@_STL@@QAE@AAV?$basic_istream@DV?$char_traits@D@_STL@@@1@_N@Z
?append@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEAAV12@ABV12@@Z
??0?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@U_String_reserve_t@1@IABV?$allocator@D@1@@Z
?get_allocator@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBE?AV?$allocator@D@2@XZ
?sputc@?$basic_streambuf@DV?$char_traits@D@_STL@@@_STL@@QAEHD@Z
??4?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEAAV01@ABV01@@Z
??1?$_Osentry@DV?$char_traits@D@_STL@@@_STL@@QAE@XZ
?sputn@?$basic_streambuf@DV?$char_traits@D@_STL@@@_STL@@QAEHPBDH@Z
??0?$_Osentry@DV?$char_traits@D@_STL@@@_STL@@QAE@AAV?$basic_ostream@DV?$char_traits@D@_STL@@@1@@Z
??1?$allocator@PAX@_STL@@QAE@XZ
??1?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@XZ
?swap@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXAAV12@@Z
??0?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@IABQAXABV?$allocator@PAX@1@@Z
?get_allocator@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QBE?AV?$allocator@PAX@2@XZ
?_M_fill_insert@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXPAPAXIABQAX@Z
?reserve@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXI@Z
?deallocate@?$allocator@D@_STL@@QBEXPADI@Z
?_M_deallocate_block@?$_String_base@DV?$allocator@D@_STL@@@_STL@@QAEXXZ
?allocate@?$allocator@D@_STL@@QBEPADIPBX@Z
?_M_throw_length_error@?$_String_base@DV?$allocator@D@_STL@@@_STL@@QBEXXZ
??0?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@ABV?$allocator@PAX@1@@Z
?_M_allocate_block@?$_String_base@DV?$allocator@D@_STL@@@_STL@@QAEXI@Z
??Y?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEAAV01@ABV01@@Z
??1?$_String_base@DV?$allocator@D@_STL@@@_STL@@QAE@XZ
??1?$_STLP_alloc_proxy@PADDV?$allocator@D@_STL@@@_STL@@QAE@XZ
?size@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIXZ
??_D?$basic_stringstream@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEXXZ
??_D?$basic_ifstream@DV?$char_traits@D@_STL@@@_STL@@QAEXXZ
?rfind@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIDI@Z
?find@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIPBDII@Z
?str@?$basic_stringstream@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBE?AV?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@H@Z
?cerr@_STL@@3V?$basic_ostream@DV?$char_traits@D@_STL@@@1@A
?rfind@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIPBDII@Z
??6?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEAAV01@I@Z
?cout@_STL@@3V?$basic_ostream@DV?$char_traits@D@_STL@@@1@A
?close@?$basic_ifstream@DV?$char_traits@D@_STL@@@_STL@@QAEXXZ
??0?$basic_ifstream@DV?$char_traits@D@_STL@@@_STL@@QAE@PBDH@Z
?substr@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBE?AV12@II@Z
?compare@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEHPBD@Z
??1?$basic_ios@DV?$char_traits@D@_STL@@@_STL@@UAE@XZ
??1?$basic_ifstream@DV?$char_traits@D@_STL@@@_STL@@UAE@XZ
??6?$basic_ostream@DV?$char_traits@D@_STL@@@_STL@@QAEAAV01@N@Z
??0_Loc_init@ios_base@_STL@@QAE@XZ
??0Init@ios_base@_STL@@QAE@XZ
??1_Loc_init@ios_base@_STL@@QAE@XZ
??1Init@ios_base@_STL@@QAE@XZ
?erase@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEPADPAD0@Z
?find_first_not_of@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIDI@Z
?erase@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAEAAV12@II@Z
?find_last_not_of@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIDI@Z
?find@?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QBEIDI@Z

Exports

Exports

?compileExtensionHelp@@YA_NABVOUString@rtl@@00JPBV12@0AAUHelpProcessingErrorInfo@@@Z
GetVersionInfo

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8a33da62c49954cf54f116dfd4d6d58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sal3

libxslt

libxml2

msvcr90

kernel32

stlport_vc7145

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB