5c01fdcb54c4c65128fd0586af167416_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5c01fdcb54c4c65128fd0586af167416_JaffaCakes118
Size

28KB
MD5

5c01fdcb54c4c65128fd0586af167416
SHA1

45e6aec5f0015848fdd509be4a99d15ca2d30e65
SHA256

46e1fb813443eff4f8ebe68d15a5aa89e0f4b709643af9af7cf362f370bfc772
SHA512

6ae9a1bb1a8b4bf03d1fc5f2c8a4e2cd948c6559395d823ab3055ed949433cc57516b7630b7c03094435765b7bf0c1f76c5bfa7d2997e185c3920ba8d0cd34cf
SSDEEP

384:vYsvTk3Xpg0Kk534LNVXAH8nLBkiOt1HfCJ15x31ksoMRNwh:QpR5oLN9V3OtxChRpC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c01fdcb54c4c65128fd0586af167416_JaffaCakes118

Files

5c01fdcb54c4c65128fd0586af167416_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bd0354ffb8dece819170fbe733db7248

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\i18npool\wntmsci12.pro\bin\i18npapermi.pdb

Imports

i18nisolang1msc

?getPlatformSystemUILanguage@MsLangId@@CAGXZ
?getPlatformSystemLanguage@MsLangId@@CAGXZ

comphelp4msc

?getProcessServiceFactory@comphelper@@YA?AV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@XZ

cppu3

uno_type_sequence_construct
uno_type_destructData
typelib_static_type_getByTypeClass
uno_any_destruct
typelib_static_type_init
uno_type_any_assign
typelib_static_sequence_type_init
cppu_unsatisfied_iquery_msg
uno_type_sequence_reference2One

sal3

rtl_string_new
rtl_string_acquire
rtl_string_newFromStr
rtl_string_release
rtl_uString_new
rtl_uString_acquire
rtl_uString_release
rtl_uString_assign
rtl_ustr_ascii_compare_WithLength
rtl_ustr_indexOfChar_WithLength
rtl_uString_newFromStr_WithLength
rtl_uString_internConvert
rtl_str_compareIgnoreAsciiCase

msvcr90

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBDH@Z
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

??$?_3VOUString@rtl@@@uno@star@sun@com@@YAXAAVAny@0123@ABVOUString@rtl@@@Z
??$cppu_detail_getUnoType@VXMultiServiceFactory@lang@star@sun@com@@@detail@cppu@@YAABVType@uno@star@sun@com@@PBV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@@Z
??$cppu_detail_getUnoType@VXNameAccess@container@star@sun@com@@@detail@cppu@@YAABVType@uno@star@sun@com@@PBV?$Reference@VXNameAccess@container@star@sun@com@@@3456@@Z
??$getTypeFavourUnsigned@VAny@uno@star@sun@com@@@cppu@@YAABVType@uno@star@sun@com@@PBV?$Sequence@VAny@uno@star@sun@com@@@2345@@Z
??$getTypeFavourUnsigned@VAny@uno@star@sun@com@@@cppu@@YAABVType@uno@star@sun@com@@PBVAny@2345@@Z
??$getTypeFavourUnsigned@VOUString@rtl@@@cppu@@YAABVType@uno@star@sun@com@@PBVOUString@rtl@@@Z
??0?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@QAE@ABV01234@@Z
??0?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@QAE@PAVXInterface@1234@@Z
??0?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@QAE@ABVBaseReference@1234@W4UnoReference_QueryThrow@1234@@Z
??0?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@QAE@ABVBaseReference@1234@W4UnoReference_QueryThrow@1234@@Z
??0?$Sequence@VAny@uno@star@sun@com@@@uno@star@sun@com@@QAE@J@Z
??0Exception@uno@star@sun@com@@QAE@ABV01234@@Z
??0Exception@uno@star@sun@com@@QAE@ABVOUString@rtl@@ABV?$Reference@VXInterface@uno@star@sun@com@@@1234@@Z
??0Locale@lang@star@sun@com@@QAE@XZ
??0OString@rtl@@QAE@ABV01@@Z
??0OString@rtl@@QAE@PBD@Z
??0OString@rtl@@QAE@XZ
??0OUString@rtl@@AAE@PAU_rtl_uString@@PAVDO_NOT_ACQUIRE@01@@Z
??0OUString@rtl@@QAE@ABV01@@Z
??0OUString@rtl@@QAE@PAU_rtl_uString@@W4__sal_NoAcquire@@@Z
??0OUString@rtl@@QAE@XZ
??0PaperInfo@@QAE@JJ@Z
??0PaperInfo@@QAE@W4Paper@@@Z
??0RuntimeException@uno@star@sun@com@@QAE@ABV01234@@Z
??0RuntimeException@uno@star@sun@com@@QAE@ABVOUString@rtl@@ABV?$Reference@VXInterface@uno@star@sun@com@@@1234@@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??0bad_alloc@std@@QAE@XZ
??1?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@QAE@XZ
??1?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@QAE@XZ
??1?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@QAE@XZ
??1?$Sequence@VAny@uno@star@sun@com@@@uno@star@sun@com@@QAE@XZ
??1Any@uno@star@sun@com@@QAE@XZ
??1Exception@uno@star@sun@com@@QAE@XZ
??1Locale@lang@star@sun@com@@QAE@XZ
??1OString@rtl@@QAE@XZ
??1OUString@rtl@@QAE@XZ
??1RuntimeException@uno@star@sun@com@@QAE@XZ
??1bad_alloc@std@@UAE@XZ
??4MsLangId@@QAEAAV0@ABV0@@Z
??4OUString@rtl@@QAEAAV01@ABV01@@Z
??4PaperInfo@@QAEAAV0@ABV0@@Z
??A?$Sequence@VAny@uno@star@sun@com@@@uno@star@sun@com@@QAAAAVAny@1234@J@Z
??C?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@QBAPAVXMultiServiceFactory@lang@234@XZ
??C?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@QBAPAVXNameAccess@container@234@XZ
??_2uno@star@sun@com@@YAEABVAny@0123@AAVOUString@rtl@@@Z
??_7bad_alloc@std@@6B@
??_C@_0CD@PODAOHBM@com?4sun?4star?4container?4XNameAcce@
??_C@_0CH@CJPJMNHE@com?4sun?4star?4lang?4XMultiServiceF@
??_Gbad_alloc@std@@UAEPAXI@Z
??_R0?AVException@uno@star@sun@com@@@8
??_R0?AVRuntimeException@uno@star@sun@com@@@8
??_R0?AVbad_alloc@std@@@8
??_R0?AVexception@std@@@8
??_R1A@?0A@EA@bad_alloc@std@@8
??_R1A@?0A@EA@exception@std@@8
??_R2bad_alloc@std@@8
??_R2exception@std@@8
??_R3bad_alloc@std@@8
??_R3exception@std@@8
??_R4bad_alloc@std@@6B@
?castFromXInterface@?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@CAPAVXMultiServiceFactory@lang@345@PAVXInterface@2345@@Z
?castFromXInterface@?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@CAPAVXNameAccess@container@345@PAVXInterface@2345@@Z
?castToXInterface@?$Reference@VXInterface@uno@star@sun@com@@@uno@star@sun@com@@CAPAVXInterface@2345@PAV62345@@Z
?castToXInterface@?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@CAPAVXInterface@2345@PAVXNameAccess@container@345@@Z
?compareToAscii@OUString@rtl@@QBEJPBD@Z
?copy@OUString@rtl@@QBE?AV12@J@Z
?copy@OUString@rtl@@QBE?AV12@JJ@Z
?cpp_acquire@uno@star@sun@com@@YAXPAX@Z
?cpp_release@uno@star@sun@com@@YAXPAX@Z
?cppu_detail_getUnoType@container@star@sun@com@@YAABVType@uno@234@PBVXNameAccess@1234@@Z
?cppu_detail_getUnoType@detail@cppu@@YAABVType@uno@star@sun@com@@PBVAny@4567@@Z
?cppu_detail_getUnoType@detail@cppu@@YAABVType@uno@star@sun@com@@PBVOUString@rtl@@@Z
?cppu_detail_getUnoType@lang@star@sun@com@@YAABVType@uno@234@PBVXMultiServiceFactory@1234@@Z
?doSloppyFit@PaperInfo@@QAE_NXZ
?fromPSName@PaperInfo@@SA?AW4Paper@@ABVOString@rtl@@@Z
?get@?$UnoType@V?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@@cppu@@SAABVType@uno@star@sun@com@@XZ
?get@?$UnoType@V?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@@cppu@@SAABVType@uno@star@sun@com@@XZ
?get@?$UnoType@VAny@uno@star@sun@com@@@cppu@@SAABVType@uno@star@sun@com@@XZ
?get@?$UnoType@VOUString@rtl@@@cppu@@SAABVType@uno@star@sun@com@@XZ
?get@?$UnoType@VXMultiServiceFactory@lang@star@sun@com@@@cppu@@SAABVType@uno@star@sun@com@@XZ
?get@?$UnoType@VXNameAccess@container@star@sun@com@@@cppu@@SAABVType@uno@star@sun@com@@XZ
?get@BaseReference@uno@star@sun@com@@QBAPAVXInterface@2345@XZ
?getArray@?$Sequence@VAny@uno@star@sun@com@@@uno@star@sun@com@@QAAPAVAny@2345@XZ
?getCppuType@@YAABVType@uno@star@sun@com@@PBV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@2345@@Z
?getCppuType@@YAABVType@uno@star@sun@com@@PBV?$Reference@VXNameAccess@container@star@sun@com@@@2345@@Z
?getDefaultPaperForLocale@PaperInfo@@SA?AV1@ABULocale@lang@star@sun@com@@@Z
?getHeight@PaperInfo@@QBEJXZ
?getLength@OString@rtl@@QBEJXZ
?getLength@OUString@rtl@@QBEJXZ
?getPaper@PaperInfo@@QBE?AW4Paper@@XZ
?getPrimaryLanguage@MsLangId@@SAGG@Z
?getStr@OString@rtl@@QBEPBDXZ
?getSubLanguage@MsLangId@@SAGG@Z
?getSystemDefaultPaper@PaperInfo@@SA?AV1@XZ
?getSystemLanguage@MsLangId@@SAGXZ
?getSystemUILanguage@MsLangId@@SAGXZ
?getTypeFromTypeClass@detail@cppu@@YAABVType@uno@star@sun@com@@W4_typelib_TypeClass@@@Z
?getTypeFromTypeDescriptionReference@detail@cppu@@YAABVType@uno@star@sun@com@@PBQAU_typelib_TypeDescriptionReference@@@Z
?getTypeLibType@Type@uno@star@sun@com@@QBAPAU_typelib_TypeDescriptionReference@@XZ
?getWidth@PaperInfo@@QBEJXZ
?indexOf@OUString@rtl@@QBEJGJ@Z
?intern@OUString@rtl@@SA?AV12@PBDJGKPAK@Z
?iquery@BaseReference@uno@star@sun@com@@KAPAVXInterface@2345@PAV62345@ABVType@2345@@Z
?iquery_throw@?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@CAPAVXInterface@2345@PAV62345@@Z
?iquery_throw@?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@CAPAVXInterface@2345@PAV62345@@Z
?iquery_throw@BaseReference@uno@star@sun@com@@KAPAVXInterface@2345@PAV62345@ABVType@2345@@Z
?makeLangID@MsLangId@@SAGGG@Z
?s_pType@?$Sequence@VAny@uno@star@sun@com@@@uno@star@sun@com@@2PAU_typelib_TypeDescriptionReference@@A
?set@?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@QAAEPAVXNameAccess@container@345@W4__sal_NoAcquire@@@Z
?set@?$Reference@VXNameAccess@container@star@sun@com@@@uno@star@sun@com@@QAAXABVBaseReference@2345@W4UnoReference_QueryThrow@2345@@Z
?sloppyEqual@PaperInfo@@QBE_NABV1@@Z
?sloppyFitPageDimension@PaperInfo@@SAJJ@Z
?static_type@XMultiServiceFactory@lang@star@sun@com@@SAABVType@uno@345@PAX@Z
?static_type@XNameAccess@container@star@sun@com@@SAABVType@uno@345@PAX@Z
?the_type@?1??cppu_detail_getUnoType@container@star@sun@com@@YAABVType@uno@345@PBVXNameAccess@2345@@Z@4PAU_typelib_TypeDescriptionReference@@A
?the_type@?1??cppu_detail_getUnoType@lang@star@sun@com@@YAABVType@uno@345@PBVXMultiServiceFactory@2345@@Z@4PAU_typelib_TypeDescriptionReference@@A
?toPSName@PaperInfo@@SA?AVOString@rtl@@W4Paper@@@Z
GetVersionInfo
_TI2?AVRuntimeException@uno@star@sun@com@@
_TI2?AVbad_alloc@std@@

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd0354ffb8dece819170fbe733db7248

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

i18nisolang1msc

comphelp4msc

cppu3

sal3

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB