48fe3bc115998d30e3c49bb70040c766_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48fe3bc115998d30e3c49bb70040c766_JaffaCakes118
Size

45KB
MD5

48fe3bc115998d30e3c49bb70040c766
SHA1

0bc753d966ace8232c1b2c76730f6a1de5a80333
SHA256

e5ff39b05b2ae5af7c11ec6109d2cbd488255d804c08a678a9d80a124fa03bb1
SHA512

3be1b474a236a9caefa9ef1a5027ec2322b125ab0dbbdeafd7fd700cc3650812ad3c74100c11fc71a4013f77ac63d1a5cc8c3294e40a759bb04acf9c71683a80
SSDEEP

768:YH7rNWWKxuS71PwdlGHU9hz0ps0A69Y7RHr1y/dwl+OtB6CqZObMS:Qm4cedlphz0p/A6M1y/w+Ot6ObMS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48fe3bc115998d30e3c49bb70040c766_JaffaCakes118

Files

48fe3bc115998d30e3c49bb70040c766_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1b58ac8db6c55ed6b5dce81cf53e3d61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\onegit\workdir\wntmsci12.pro\LinkTarget\Library\xmlreader.pdb

Imports

sal3

osl_openFile
osl_getFileSize
osl_mapFile
osl_unmapFile
osl_closeFile
rtl_str_shortenedCompare_WithLength
rtl_str_indexOfStr_WithLength
rtl_str_indexOfChar_WithLength
rtl_uString_newConcat
rtl_uString2String
sal_detail_log
rtl_convertStringToUString
rtl_uString_release
rtl_string2UString
rtl_uString_acquire
rtl_str_compare_WithLength
rtl_stringbuffer_insert
rtl_stringbuffer_ensureCapacity
rtl_string_release
rtl_stringbuffer_newFromStringBuffer
rtl_string_new_WithLength

msvcp90

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ

msvcr90

__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
_except_handler4_common
_lock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBDH@Z
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
abort
_invalid_parameter_noinfo
??2@YAPAXI@Z
memmove_s
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

??0Pad@xmlreader@@QAE@ABV01@@Z
??0Pad@xmlreader@@QAE@XZ
??0Span@xmlreader@@QAE@PBDJ@Z
??0Span@xmlreader@@QAE@XZ
??0XmlReader@xmlreader@@QAE@ABVOUString@rtl@@@Z
??1Pad@xmlreader@@QAE@XZ
??1XmlReader@xmlreader@@QAE@XZ
??4Pad@xmlreader@@QAEAAV01@ABV01@@Z
??4Span@xmlreader@@QAEAAU01@ABU01@@Z
?add@Pad@xmlreader@@QAEXPBDJ@Z
?addEphemeral@Pad@xmlreader@@QAEXPBDJ@Z
?clear@Pad@xmlreader@@QAEXXZ
?clear@Span@xmlreader@@QAEXXZ
?convertFromUtf8@Span@xmlreader@@QBE?AVOUString@rtl@@XZ
?equals@Span@xmlreader@@QBE_NABU12@@Z
?equals@Span@xmlreader@@QBE_NPBDJ@Z
?flushSpan@Pad@xmlreader@@AAEXXZ
?get@Pad@xmlreader@@QBE?AUSpan@2@XZ
?getAttributeValue@XmlReader@xmlreader@@QAE?AUSpan@2@_N@Z
?getNamespaceId@XmlReader@xmlreader@@QBEHABUSpan@2@@Z
?getUrl@XmlReader@xmlreader@@QBE?AVOUString@rtl@@XZ
?handleAttributeValue@XmlReader@xmlreader@@AAE?AUSpan@2@PBD0_N@Z
?handleElementEnd@XmlReader@xmlreader@@AAEXXZ
?handleEndTag@XmlReader@xmlreader@@AAE?AW4Result@12@XZ
?handleNormalizedText@XmlReader@xmlreader@@AAE?AW4Result@12@PAUSpan@2@@Z
?handleRawText@XmlReader@xmlreader@@AAE?AW4Result@12@PAUSpan@2@@Z
?handleReference@XmlReader@xmlreader@@AAEPBDPBD0@Z
?handleSkippedText@XmlReader@xmlreader@@AAE?AW4Result@12@PAUSpan@2@PAH@Z
?handleStartTag@XmlReader@xmlreader@@AAE?AW4Result@12@PAHPAUSpan@2@@Z
?is@Span@xmlreader@@QBE_NXZ
?nextAttribute@XmlReader@xmlreader@@QAE_NPAHPAUSpan@2@@Z
?nextItem@XmlReader@xmlreader@@QAE?AW4Result@12@W4Text@12@PAUSpan@2@PAH@Z
?normalizeLineEnds@XmlReader@xmlreader@@AAEXABUSpan@2@@Z
?peek@XmlReader@xmlreader@@AAEDXZ
?read@XmlReader@xmlreader@@AAEDXZ
?registerNamespaceIri@XmlReader@xmlreader@@QAEHABUSpan@2@@Z
?scanCdataSection@XmlReader@xmlreader@@AAE?AUSpan@2@XZ
?scanName@XmlReader@xmlreader@@AAE_NPAPBD@Z
?scanNamespaceIri@XmlReader@xmlreader@@AAEHPBD0@Z
?skipComment@XmlReader@xmlreader@@AAE_NXZ
?skipDocumentTypeDeclaration@XmlReader@xmlreader@@AAEXXZ
?skipProcessingInstruction@XmlReader@xmlreader@@AAEXXZ
?skipSpace@XmlReader@xmlreader@@AAEXXZ
?toNamespaceId@XmlReader@xmlreader@@AAEHI@Z

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b58ac8db6c55ed6b5dce81cf53e3d61

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sal3

msvcp90

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 2KB - Virtual size: 1KB