3fae85c1d8702e711dc592e003242214_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fae85c1d8702e711dc592e003242214_JaffaCakes118
Size

287KB
MD5

3fae85c1d8702e711dc592e003242214
SHA1

2c1aeb77c9b9328bf964aa46e428736cf9a8018d
SHA256

9630220448f30437afb45835043b2d2c9d5c7fc6f26a1a2c0d461c8ba45b0572
SHA512

513c4583d65f2f0856c4c6f1f8a1be2412f910cc7471bf6b6847065076f4385c3f1b08a1f0520cd281209c5d75353a6a73ceb8a277656289271e5c28aca27402
SSDEEP

6144:fC5D81NlBzGFDXL7WwTkBKjJIeKwc9AgYtOtTU7kakg2hlU:fC5D81NlB6FDXvWwTkEjWeKwcGgbg2c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fae85c1d8702e711dc592e003242214_JaffaCakes118

Files

3fae85c1d8702e711dc592e003242214_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0057b76f3bdd4e74defff7b8fba41f72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\unoxml\wntmsci12.pro\bin\unoxmlmi.pdb

Imports

ucbhelper4msc

??1CommandEnvironment@ucbhelper@@UAE@XZ
?release@CommandEnvironment@ucbhelper@@UAAXXZ
?acquire@CommandEnvironment@ucbhelper@@UAAXXZ
?queryInterface@CommandEnvironment@ucbhelper@@UAA?AVAny@uno@star@sun@com@@ABVType@4567@@Z
??0CommandEnvironment@ucbhelper@@QAE@ABV?$Reference@VXInteractionHandler@task@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXProgressHandler@ucb@star@sun@com@@@3456@@Z
??0Content@ucbhelper@@QAE@ABVOUString@rtl@@ABV?$Reference@VXCommandEnvironment@ucb@star@sun@com@@@uno@star@sun@com@@@Z
?openStream@Content@ucbhelper@@QAE?AV?$Reference@VXInputStream@io@star@sun@com@@@uno@star@sun@com@@XZ
??1Content@ucbhelper@@QAE@XZ

libxml2

xmlXPathCastToString
xmlXPathFreeObject
xmlXPathCastToNumber
xmlXPathCastToBoolean
xmlXPathNewContext
xmlSetGenericErrorFunc
xmlXPathEval
xmlXPathFreeContext
xmlXPathRegisterNs
xmlXPathRegisterFuncLookup
xmlXPathRegisterVariableLookup
xmlUnlinkNode
xmlNodeSetContent
xmlNodeAddContent
xmlNodeGetContent
xmlSetNsProp
xmlFreeParserCtxt
xmlNewDoc
xmlInitParser
xmlNewIOInputStream
xmlParserInputBufferCreateIO
xmlCtxtReadIO
xmlNewParserCtxt
xmlSetExternalEntityLoader
xmlCtxtReadFile
xmlFreeNs
xmlSearchNs
xmlAddChild
xmlFreeNode
xmlNewProp
xmlNewNsProp
xmlNewNs
xmlCopyNode
xmlGetLastChild
xmlRemoveProp
xmlNewDocProp
xmlNewDocNode
xmlNewCDataBlock
xmlNewDocComment
xmlNewDocFragment
xmlSetNs
xmlNewReference
xmlParseCharEncoding
xmlNewPI
xmlNewDocText
xmlSaveFileTo
xmlOutputBufferCreateIO
xmlFreeDoc
xmlFree
xmlStringGetNodeList
xmlEncodeEntitiesReentrant
xmlGetProp
xmlGetNsProp
xmlHasProp
xmlHasNsProp
xmlUnsetProp
xmlUnsetNsProp
xmlSearchNsByHref
xmlStrdup
xmlSetProp

comphelp4msc

?queryInterface@?$WeakImplHelper1@VXAttributeList@sax@xml@star@sun@com@@@cppu@@UAA?AVAny@uno@star@sun@com@@ABVType@4567@@Z
?AddAttribute@AttributeList@comphelper@@QAEXABVOUString@rtl@@00@Z
?acquire@?$WeakImplHelper1@VXAttributeList@sax@xml@star@sun@com@@@cppu@@UAAXXZ
?release@?$WeakImplHelper1@VXAttributeList@sax@xml@star@sun@com@@@cppu@@UAAXXZ
??1AttributeList@comphelper@@UAE@XZ
??0AttributeList@comphelper@@QAE@XZ

cppuhelper3msc

?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
?ImplInhHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@ABV23456@@Z
?ImplHelper_queryNoXInterface@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAX@Z
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
?createSingleFactory@cppu@@YA?AV?$Reference@VXSingleServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@ABVOUString@rtl@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@0@ZABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
?createOneInstanceFactory@cppu@@YA?AV?$Reference@VXSingleServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@ABVOUString@rtl@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@0@ZABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
??1OWeakObject@cppu@@MAE@XZ
??0OWeakObject@cppu@@QAE@XZ
?acquire@OWeakObject@cppu@@UAAXXZ
?release@OWeakObject@cppu@@UAAXXZ
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z

cppu3

uno_any_destruct
uno_any_construct
typelib_static_type_init
uno_type_destructData
typelib_static_sequence_type_init
typelib_static_type_getByTypeClass
uno_type_any_construct
cppu_unsatisfied_iquery_msg
uno_type_sequence_construct
uno_type_sequence_realloc
uno_type_assignData
uno_type_sequence_reference2One

saxmi

?clear@FastAttributeList@sax_fastparser@@QAEXXZ
?add@FastAttributeList@sax_fastparser@@QAEXJABVOString@rtl@@@Z
??1FastAttributeList@sax_fastparser@@UAE@XZ
?release@?$WeakImplHelper1@VXFastAttributeList@sax@xml@star@sun@com@@@cppu@@UAAXXZ
?acquire@?$WeakImplHelper1@VXFastAttributeList@sax@xml@star@sun@com@@@cppu@@UAAXXZ
?queryInterface@?$WeakImplHelper1@VXFastAttributeList@sax@xml@star@sun@com@@@cppu@@UAA?AVAny@uno@star@sun@com@@ABVType@4567@@Z
??0FastAttributeList@sax_fastparser@@QAE@ABV?$Reference@VXFastTokenHandler@sax@xml@star@sun@com@@@uno@star@sun@com@@@Z

sal3

rtl_string_newConcat
rtl_ustr_reverseCompare_WithLength
rtl_string_newFromStr
osl_destroyMutex
osl_createMutex
rtl_ustr_hashCode_WithLength
rtl_str_compare_WithLength
rtl_string_assign
rtl_string_newFromStr_WithLength
rtl_string_acquire
rtl_string_new
rtl_copyMemory
rtl_str_getLength
rtl_ustr_valueOfInt32
rtl_uStringbuffer_insert_ascii
rtl_uStringbuffer_insert
rtl_uStringbuffer_newFromStr_WithLength
rtl_uString_new_WithLength
rtl_string_release
osl_getGlobalMutex
osl_releaseMutex
osl_acquireMutex
osl_incrementInterlockedCount
rtl_freeMemory
rtl_allocateMemory
rtl_uString_newFromAscii
rtl_uString_newFromStr_WithLength
rtl_ustr_indexOfStr_WithLength
rtl_ustr_indexOfChar_WithLength
rtl_ustr_compare_WithLength
rtl_uString_acquire
rtl_ustr_ascii_compare_WithLength
rtl_uString_newConcat
rtl_uString_assign
rtl_uString_release
rtl_string2UString
rtl_uString_new
rtl_uString2String

msvcr90

_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
fopen
fclose
__iob_func
fprintf
??8type_info@@QBE_NABV0@@Z
_purecall
_vsnprintf
??_U@YAPAXI@Z
__RTDynamicCast
??2@YAPAXI@Z
memmove
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

stlport_vc7145

??1?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@XZ
?swap@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXAAV12@@Z
??0?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@IABQAXABV?$allocator@PAX@1@@Z
?get_allocator@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QBE?AV?$allocator@PAX@2@XZ
?_M_fill_insert@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXPAPAXIABQAX@Z
?reserve@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXI@Z
??0?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@ABV?$allocator@PAX@1@@Z
??1?$allocator@PAX@_STL@@QAE@XZ
?_M_increment@?$_Rb_global@_N@_STL@@SAPAU_Rb_tree_node_base@2@PAU32@@Z
?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z
?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z
?_M_decrement@?$_Rb_global@_N@_STL@@SAPAU_Rb_tree_node_base@2@PAU32@@Z
?_Rebalance@?$_Rb_global@_N@_STL@@SAXPAU_Rb_tree_node_base@2@AAPAU32@@Z
?_Rebalance_for_erase@?$_Rb_global@_N@_STL@@SAPAU_Rb_tree_node_base@2@PAU32@AAPAU32@11@Z

Exports

Exports

GetVersionInfo
component_getFactory
component_getImplementationEnvironment
component_writeInfo

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0057b76f3bdd4e74defff7b8fba41f72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ucbhelper4msc

libxml2

comphelp4msc

cppuhelper3msc

cppu3

saxmi

sal3

msvcr90

kernel32

stlport_vc7145

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB