734c6044e277011ace11be2eb41ab1b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

734c6044e277011ace11be2eb41ab1b5_JaffaCakes118
Size

13KB
MD5

734c6044e277011ace11be2eb41ab1b5
SHA1

397671715497e03b2569a9320f29a438bdb1faf9
SHA256

685856e79627ecdf811f2ca777c3e2916832278894f666ef92bf542073a78fc8
SHA512

1bf426b83685ed90cc65f24c54ace17fb2520a765a6118c3f477eeeb2ea6ed900e0c2e1d83b8991a08edd604509d535ea7032e66a3f089d50fa5263c11226587
SSDEEP

384:lwGVT5Ed1+BAGNvgA4EjhcXEKZOtk0abO6cyMgg:lwYdEYrEfRO6cyL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
734c6044e277011ace11be2eb41ab1b5_JaffaCakes118

Files

734c6044e277011ace11be2eb41ab1b5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

abe30b1c00dee32a809111498310a349

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\salhelper\wntmsci12.pro\bin\salhelper3MSC.pdb

Imports

msvcr90

_except_handler4_common
_onexit
_crt_debugger_hook
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_encode_pointer
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
?terminate@@YAXXZ
??2@YAPAXI@Z
__CxxFrameHandler3
??3@YAXPAX@Z
_CxxThrowException
_purecall
?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange

sal3

rtl_uString_acquire
rtl_uString_release
osl_unloadModule
osl_getFunctionSymbol
osl_loadModule
osl_resetCondition
osl_setCondition
osl_destroyCondition
osl_createCondition
osl_releaseMutex
osl_acquireMutex
osl_waitCondition

Exports

Exports

??0Condition@salhelper@@QAE@AAVMutex@osl@@@Z
??0ConditionModifier@salhelper@@QAE@AAVCondition@1@@Z
??0ConditionWaiter@salhelper@@QAE@AAVCondition@1@@Z
??0ConditionWaiter@salhelper@@QAE@AAVCondition@1@K@Z
??0ORealDynamicLoader@salhelper@@IAE@PAPAV01@ABVOUString@rtl@@1PAX2@Z
??0timedout@ConditionWaiter@salhelper@@QAE@ABU012@@Z
??0timedout@ConditionWaiter@salhelper@@QAE@XZ
??1Condition@salhelper@@UAE@XZ
??1ConditionModifier@salhelper@@QAE@XZ
??1ConditionWaiter@salhelper@@QAE@XZ
??1ORealDynamicLoader@salhelper@@MAE@XZ
??1SimpleReferenceObject@salhelper@@MAE@XZ
??1timedout@ConditionWaiter@salhelper@@UAE@XZ
??2SimpleReferenceObject@salhelper@@SAPAXI@Z
??2SimpleReferenceObject@salhelper@@SAPAXIABUnothrow_t@std@@@Z
??3SimpleReferenceObject@salhelper@@SAXPAX@Z
??3SimpleReferenceObject@salhelper@@SAXPAXABUnothrow_t@std@@@Z
??4timedout@ConditionWaiter@salhelper@@QAEAAU012@ABU012@@Z
??_7ORealDynamicLoader@salhelper@@6B@
??_7SimpleReferenceObject@salhelper@@6B@
?acquire@ORealDynamicLoader@salhelper@@QAAKXZ
?getApi@ORealDynamicLoader@salhelper@@QBAPAXXZ
?newInstance@ORealDynamicLoader@salhelper@@SAPAV12@PAPAV12@ABVOUString@rtl@@1@Z
?release@ORealDynamicLoader@salhelper@@QAAKXZ
GetVersionInfo

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abe30b1c00dee32a809111498310a349

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

sal3

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 600B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 600B