4105d0df525c031ea0b9ee418f0a1663_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4105d0df525c031ea0b9ee418f0a1663_JaffaCakes118
Size

78KB
MD5

4105d0df525c031ea0b9ee418f0a1663
SHA1

29eb2f68d4e3d103b962b00c872dd0d9027d7d74
SHA256

4ebf3fce1825a891a54e577ba72ed0f427836f0aea0fbde2c4b1cc80fa81aae8
SHA512

2fb09ebb65b6c2e26e5843c6e7c04c0fc8d894688dcbb356680db4589f2bc9f2ea8e11951c194a503c398b3adc5b2d5ee5dc74c488cd23d85f3209c92e15a52c
SSDEEP

1536:G/n2GafwpfDvWCJywlljF+Kwmp+Nyd+O+nwqgL:G/2GafwpbvWAvjFp1Qy8O+nr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4105d0df525c031ea0b9ee418f0a1663_JaffaCakes118

Files

4105d0df525c031ea0b9ee418f0a1663_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4c302b694abe435ae79a49adf2767e53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\OOO320\src\dbaccess\wntmsci12.pro\bin\sdbtmi.pdb

Imports

msvcr90

_except_handler4_common
_onexit
_crt_debugger_hook
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
?terminate@@YAXXZ
_purecall
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

cppu3

uno_any_construct
cppu_unsatisfied_iquery_msg
uno_type_assignData
uno_type_destructData
uno_type_sequence_reference2One
uno_type_sequence_construct
typelib_static_sequence_type_init
uno_type_any_construct
typelib_static_type_init
uno_any_destruct
typelib_static_type_getByTypeClass
uno_type_any_assign

cppuhelper3msc

?createSingleComponentFactory@cppu@@YA?AV?$Reference@VXSingleComponentFactory@lang@star@sun@com@@@uno@star@sun@com@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@ABV?$Reference@VXComponentContext@uno@star@sun@com@@@3456@@ZABVOUString@rtl@@ABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
??1WeakReferenceHelper@uno@star@sun@com@@QAE@XZ
??4WeakReferenceHelper@uno@star@sun@com@@QAAAAV01234@ABV01234@@Z
??1OWeakObject@cppu@@MAE@XZ
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
?acquire@OWeakObject@cppu@@UAAXXZ
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?release@OWeakObject@cppu@@UAAXXZ
??0WeakReferenceHelper@uno@star@sun@com@@QAE@ABV?$Reference@VXInterface@uno@star@sun@com@@@1234@@Z
??0OWeakObject@cppu@@QAE@XZ
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?get@WeakReferenceHelper@uno@star@sun@com@@QBA?AV?$Reference@VXInterface@uno@star@sun@com@@@2345@XZ

utlmi

??0OComponentResourceModule@utl@@QAE@ABVOString@rtl@@@Z
?onFirstClient@OComponentResourceModule@utl@@MAEXXZ
?onLastClient@OComponentResourceModule@utl@@MAEXXZ
??0ModuleRes@utl@@QAE@GAAVOComponentResourceModule@1@@Z
??1OComponentResourceModule@utl@@UAE@XZ

comphelp4msc

??0ComponentContext@comphelper@@QAE@ABV01@@Z
?getComponentFactory@OModule@comphelper@@QAE?AV?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@ABVOUString@rtl@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@4567@@Z
?writeComponentInfos@OModule@comphelper@@QAEEPAX0@Z
??0OModuleClient@comphelper@@QAE@AAVOModule@1@@Z
??1ComponentContext@comphelper@@QAE@XZ
??0ComponentContext@comphelper@@QAE@ABV?$Reference@VXComponentContext@uno@star@sun@com@@@uno@star@sun@com@@@Z
?registerImplementation@OModule@comphelper@@QAEXABVOUString@rtl@@ABV?$Sequence@VOUString@rtl@@@uno@star@sun@com@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@6789@ABV?$Reference@VXComponentContext@uno@star@sun@com@@@6789@@ZP6A?AV?$Reference@VXSingleComponentFactory@lang@star@sun@com@@@6789@301PAU_rtl_ModuleCount@@@Z@Z
??1NamedValueCollection@comphelper@@QAE@XZ
?get@NamedValueCollection@comphelper@@QBEABVAny@uno@star@sun@com@@PBD@Z
??0NamedValueCollection@comphelper@@QAE@ABV?$Sequence@VAny@uno@star@sun@com@@@uno@star@sun@com@@@Z
??1OModuleClient@comphelper@@QAE@XZ

tlmi

??0String@@QAE@ABVOUString@rtl@@@Z
?Assign@String@@QAEAAV1@ABV1@@Z
??0String@@QAE@ABVResId@@@Z
??BString@@QBE?AVOUString@rtl@@XZ
??1String@@QAE@XZ

dbtoolsmi

??1SQLExceptionInfo@dbtools@@QAE@XZ
?doThrow@SQLExceptionInfo@dbtools@@QAEXXZ
?isValid@SQLExceptionInfo@dbtools@@QBEEXZ
?getFieldsByCommandDescriptor@dbtools@@YA?AV?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXConnection@sdbc@star@sun@com@@@3456@JABVOUString@rtl@@AAV?$Reference@VXComponent@lang@star@sun@com@@@3456@PAVSQLExceptionInfo@1@@Z
??0SQLExceptionInfo@dbtools@@QAE@XZ
??1StatementComposer@dbtools@@QAE@XZ
?getComposer@StatementComposer@dbtools@@QAE?AV?$Reference@VXSingleSelectQueryComposer@sdb@star@sun@com@@@uno@star@sun@com@@XZ
?setDisposeComposer@StatementComposer@dbtools@@QAEX_N@Z
??0StatementComposer@dbtools@@QAE@ABV?$Reference@VXConnection@sdbc@star@sun@com@@@uno@star@sun@com@@ABVOUString@rtl@@JE@Z
?convertName2SQLName@dbtools@@YA?AVOUString@rtl@@ABV23@0@Z
?composeTableName@dbtools@@YA?AVOUString@rtl@@ABV?$Reference@VXDatabaseMetaData@sdbc@star@sun@com@@@uno@star@sun@com@@ABV23@11EW4EComposeRule@1@@Z
?qualifiedNameComponents@dbtools@@YAXABV?$Reference@VXDatabaseMetaData@sdbc@star@sun@com@@@uno@star@sun@com@@ABVOUString@rtl@@AAV78@22W4EComposeRule@1@@Z
?isValidSQLName@dbtools@@YAEABVOUString@rtl@@0@Z
??1DatabaseMetaData@dbtools@@QAE@XZ
?restrictIdentifiersToSQL92@DatabaseMetaData@dbtools@@QBE_NXZ
??0DatabaseMetaData@dbtools@@QAE@ABV?$Reference@VXConnection@sdbc@star@sun@com@@@uno@star@sun@com@@@Z
??1SQLError@connectivity@@QAE@XZ
?supportsSubqueriesInFrom@DatabaseMetaData@dbtools@@QBE_NXZ
?getSQLException@SQLError@connectivity@@QBE?AVSQLException@sdbc@star@sun@com@@JABV?$Reference@VXInterface@uno@star@sun@com@@@uno@567@ABVParamValue@12@11@Z
??0SQLError@connectivity@@QAE@ABVComponentContext@comphelper@@@Z
?raiseException@SQLError@connectivity@@QBEXJABV?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@ABVParamValue@12@11@Z
?composeTableNameForSelect@dbtools@@YA?AVOUString@rtl@@ABV?$Reference@VXConnection@sdbc@star@sun@com@@@uno@star@sun@com@@ABV23@11@Z

sal3

rtl_uString_new_WithLength
rtl_uString_release
rtl_uString_newFromAscii
rtl_uString_new
rtl_string2UString
rtl_uString_assign
rtl_ustr_compare_WithLength
osl_createMutex
osl_destroyMutex
osl_acquireMutex
osl_releaseMutex
rtl_allocateMemory
rtl_freeMemory
osl_incrementInterlockedCount
osl_getGlobalMutex
rtl_uString_acquire
rtl_string_newFromStr
rtl_string_release
rtl_str_getLength
rtl_uStringbuffer_insert
rtl_uStringbuffer_insert_ascii
rtl_ustr_valueOfInt32
rtl_ustr_indexOfChar_WithLength

Exports

Exports

GetVersionInfo
component_getFactory
component_getImplementationEnvironment
component_writeInfo

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c302b694abe435ae79a49adf2767e53

Headers

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

cppu3

cppuhelper3msc

utlmi

comphelp4msc

tlmi

dbtoolsmi

sal3

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB