3fb61cd9fa9bb0a5254857063e97ec34_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3fb61cd9fa9bb0a5254857063e97ec34_JaffaCakes118
Size

65KB
MD5

3fb61cd9fa9bb0a5254857063e97ec34
SHA1

4f62c9c5f9027af3d36932da2185e1dd24642994
SHA256

89704806d9001766e522eb04e50229beb82d3fbf93c0735420de07d8b59e6953
SHA512

04f0cc0d1f6ab34fbf9a77864547f5dcf916ed490c21efd6e483466e58729a9a599fa8e1536aba0ac0e7567929d07980f322b741f8441a22c76deab6b1e6c83f
SSDEEP

768:CMYgT9zkftZ2OKt3ilHrIbc2QV30u1r08kBG2GhCYZJqGBR:dYgT9zitZ2OKpilLmcZyWqGBR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fb61cd9fa9bb0a5254857063e97ec34_JaffaCakes118

Files

3fb61cd9fa9bb0a5254857063e97ec34_JaffaCakes118
.dll windows:5 windows x86 arch:x86

53608ccf3dc4f6d8b011d715993c56c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\i18nutil\wntmsci12.pro\bin\i18nutilMSC.pdb

Imports

cppu3

typelib_static_type_getByTypeClass
uno_type_sequence_reference2One
uno_type_sequence_realloc
typelib_static_sequence_type_init

sal3

rtl_ustr_ascii_compare_WithLength
rtl_uString_acquire
rtl_allocateMemory
rtl_uString_new
rtl_uString_release

msvcr90

_unlock
__dllonexit
_encode_pointer
_lock
??3@YAXPAX@Z
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler3
_onexit

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
TerminateProcess

Exports

Exports

??$getTypeFavourUnsigned@J@cppu@@YAABVType@uno@star@sun@com@@PBJ@Z
??$getTypeFavourUnsigned@J@cppu@@YAABVType@uno@star@sun@com@@PBV?$Sequence@J@2345@@Z
??0?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@QAE@ABV01234@@Z
??0?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@QAE@XZ
??0Exception@uno@star@sun@com@@QAE@ABV01234@@Z
??0Exception@uno@star@sun@com@@QAE@XZ
??0MappingElement@i18n@star@sun@com@@QAE@XZ
??0OUString@rtl@@QAE@ABV01@@Z
??0OUString@rtl@@QAE@PAU_rtl_uString@@@Z
??0OUString@rtl@@QAE@XZ
??0RuntimeException@uno@star@sun@com@@QAE@ABV01234@@Z
??0RuntimeException@uno@star@sun@com@@QAE@XZ
??0oneToOneMapping@i18n@star@sun@com@@QAE@PAU?$pair@GG@_STL@@II@Z
??0oneToOneMappingWithFlag@i18n@star@sun@com@@QAE@PAU_UnicodePairWithFlag@1234@IC@Z
??1?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@QAE@XZ
??1Exception@uno@star@sun@com@@QAE@XZ
??1OUString@rtl@@QAE@XZ
??1RuntimeException@uno@star@sun@com@@QAE@XZ
??1oneToOneMapping@i18n@star@sun@com@@UAE@XZ
??1oneToOneMappingWithFlag@i18n@star@sun@com@@UAE@XZ
??AoneToOneMapping@i18n@star@sun@com@@QBEGG@Z
??_7oneToOneMapping@i18n@star@sun@com@@6B@
??_7oneToOneMappingWithFlag@i18n@star@sun@com@@6B@
??_GoneToOneMapping@i18n@star@sun@com@@UAEPAXI@Z
??_GoneToOneMappingWithFlag@i18n@star@sun@com@@UAEPAXI@Z
??_R0?AVException@uno@star@sun@com@@@8
??_R0?AVRuntimeException@uno@star@sun@com@@@8
??_R0?AVoneToOneMapping@i18n@star@sun@com@@@8
??_R0?AVoneToOneMappingWithFlag@i18n@star@sun@com@@@8
??_R1A@?0A@EA@oneToOneMapping@i18n@star@sun@com@@8
??_R1A@?0A@EA@oneToOneMappingWithFlag@i18n@star@sun@com@@8
??_R2oneToOneMapping@i18n@star@sun@com@@8
??_R2oneToOneMappingWithFlag@i18n@star@sun@com@@8
??_R3oneToOneMapping@i18n@star@sun@com@@8
??_R3oneToOneMappingWithFlag@i18n@star@sun@com@@8
??_R4oneToOneMapping@i18n@star@sun@com@@6B@
??_R4oneToOneMappingWithFlag@i18n@star@sun@com@@6B@
?compareToAscii@OUString@rtl@@QBEJPBD@Z
?compose_ja_voiced_sound_marks@widthfolding@i18n@star@sun@com@@SA?AVOUString@rtl@@ABV67@JJAAV?$Sequence@J@uno@345@EJ@Z
?cpp_acquire@uno@star@sun@com@@YAXPAX@Z
?cpp_release@uno@star@sun@com@@YAXPAX@Z
?cppu_detail_getUnoType@detail@cppu@@YAABVType@uno@star@sun@com@@PBJ@Z
?decompose_ja_voiced_sound_marks@widthfolding@i18n@star@sun@com@@SA?AVOUString@rtl@@ABV67@JJAAV?$Sequence@J@uno@345@E@Z
?decompose_ja_voiced_sound_marksChar2Char@widthfolding@i18n@star@sun@com@@SAGG@Z
?find@oneToOneMapping@i18n@star@sun@com@@UBEGG@Z
?find@oneToOneMappingWithFlag@i18n@star@sun@com@@UBEGG@Z
?full2half@i18n@star@sun@com@@3PAU_UnicodePairWithFlag@1234@A
?full2halfASCException@i18n@star@sun@com@@3PAU_UnicodePairWithFlag@1234@A
?get@?$UnoType@J@cppu@@SAABVType@uno@star@sun@com@@XZ
?getArray@?$Sequence@J@uno@star@sun@com@@QAAPAJXZ
?getCharType@unicode@@SAJG@Z
?getCompositionChar@widthfolding@i18n@star@sun@com@@SAGGG@Z
?getConditionalValue@casefolding@i18n@star@sun@com@@SAAAUMapping@2345@PBGJJAAULocale@lang@345@E@Z
?getNextChar@casefolding@i18n@star@sun@com@@SAGPBGAAJJAAUMappingElement@2345@AAULocale@lang@345@EW4TransliterationModules@2345@@Z
?getStr@OUString@rtl@@QBEPBGXZ
?getTypeFromTypeClass@detail@cppu@@YAABVType@uno@star@sun@com@@W4_typelib_TypeClass@@@Z
?getTypeFromTypeDescriptionReference@detail@cppu@@YAABVType@uno@star@sun@com@@PBQAU_typelib_TypeDescriptionReference@@@Z
?getTypeLibType@Type@uno@star@sun@com@@QBAPAU_typelib_TypeDescriptionReference@@XZ
?getUnicodeDirection@unicode@@SAEG@Z
?getUnicodeScriptEnd@unicode@@SAGW4UnicodeScript@i18n@star@sun@com@@@Z
?getUnicodeScriptStart@unicode@@SAGW4UnicodeScript@i18n@star@sun@com@@@Z
?getUnicodeScriptType@unicode@@SAFGPAU_ScriptTypeList@@F@Z
?getUnicodeType@unicode@@SAFG@Z
?getValue@casefolding@i18n@star@sun@com@@SAAAUMapping@2345@PBGJJAAULocale@lang@345@E@Z
?getfull2halfTable@widthfolding@i18n@star@sun@com@@SAAAVoneToOneMapping@2345@XZ
?getfull2halfTableForASC@widthfolding@i18n@star@sun@com@@SAAAVoneToOneMapping@2345@XZ
?getfullKana2halfKanaTable@widthfolding@i18n@star@sun@com@@SAAAVoneToOneMapping@2345@XZ
?gethalf2fullTable@widthfolding@i18n@star@sun@com@@SAAAVoneToOneMapping@2345@XZ
?gethalf2fullTableForJIS@widthfolding@i18n@star@sun@com@@SAAAVoneToOneMapping@2345@XZ
?gethalfKana2fullKanaTable@widthfolding@i18n@star@sun@com@@SAAAVoneToOneMapping@2345@XZ
?half2full@i18n@star@sun@com@@3PAU_UnicodePairWithFlag@1234@A
?half2fullJISException@i18n@star@sun@com@@3PAU_UnicodePairWithFlag@1234@A
?isAlpha@unicode@@SAEG@Z
?isAlphaDigit@unicode@@SAEG@Z
?isBase@unicode@@SAEG@Z
?isControl@unicode@@SAEG@Z
?isDigit@unicode@@SAEG@Z
?isLower@unicode@@SAEG@Z
?isPrint@unicode@@SAEG@Z
?isPunctuation@unicode@@SAEG@Z
?isSpace@unicode@@SAEG@Z
?isTitle@unicode@@SAEG@Z
?isUnicodeScriptType@unicode@@SAEGF@Z
?isUpper@unicode@@SAEG@Z
?isWhiteSpace@unicode@@SAEG@Z
?is_ja_voice_sound_mark@i18n@star@sun@com@@YAEAAGG@Z
?makeIndex@oneToOneMappingWithFlag@i18n@star@sun@com@@QAEXXZ
?realloc@?$Sequence@J@uno@star@sun@com@@QAAXJ@Z
?s_pType@?$Sequence@J@uno@star@sun@com@@2PAU_typelib_TypeDescriptionReference@@A
?x_rtl_uString_new_WithLength@@YAPAU_rtl_uString@@JJ@Z
?x_rtl_uString_new_WithLength@@YAXPAPAU_rtl_uString@@JJ@Z
GetVersionInfo
_TI2?AVRuntimeException@uno@star@sun@com@@

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53608ccf3dc4f6d8b011d715993c56c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cppu3

sal3

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 42KB - Virtual size: 48KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 42KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB