a5863e5e4e1f4f62ab3fb7959daa0846_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5863e5e4e1f4f62ab3fb7959daa0846_JaffaCakes118
Size

26KB
MD5

a5863e5e4e1f4f62ab3fb7959daa0846
SHA1

a4563537763581b9b38ad327990ca31a3984bb86
SHA256

4405e40935239030e9d1cce3b5b81e5a9ee877ef65196d91fa635874ed080abb
SHA512

73cfd25ede620b011f2e737061fb2de0917ab41372073005dd85962aa9a80e2b2d15d2a0ee30076817e8e2d3eaa418271cb47081aa568bfcdb044fe2c25470b2
SSDEEP

384:qjQj3eGESCU5WT5NkXEbkzj81DhDYwv82/0agyfbgVFWrfVlsEavvG+9ax:qjQTe/SC8WT3cjwdYQ8lXsbhNQ3GWU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5863e5e4e1f4f62ab3fb7959daa0846_JaffaCakes118

Files

a5863e5e4e1f4f62ab3fb7959daa0846_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3fb1057a70887562c049c93ddc8abfae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\master\clone\libs-gui\i18npool\wntmsci12.pro\bin\i18nisolang1MSC.pdb

Imports

sal3

rtl_stringbuffer_insert
rtl_stringbuffer_newFromStr_WithLength
rtl_uStringbuffer_insert
rtl_uStringbuffer_newFromStr_WithLength
rtl_uString_newFromAscii
rtl_uString_newToAsciiUpperCase
rtl_uString_newToAsciiLowerCase
rtl_uString_newFromStr_WithLength
rtl_ustr_indexOfChar_WithLength
rtl_ustr_ascii_compareIgnoreAsciiCase_WithLength
rtl_ustr_asciil_reverseEquals_WithLength
rtl_ustr_ascii_compare_WithLength
rtl_uString_assign
rtl_uString_release
rtl_string2UString
rtl_uString_acquire
rtl_uString_new
rtl_string_newToAsciiUpperCase
rtl_string_newToAsciiLowerCase
rtl_string_newFromStr_WithLength
rtl_str_indexOfChar_WithLength
rtl_str_reverseCompare_WithLength
rtl_string_assign
rtl_string_release
rtl_string_newFromStr
rtl_string_acquire
rtl_string_new
osl_getGlobalMutex
osl_releaseMutex
osl_acquireMutex

msvcr90

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID

Exports

Exports

??0?$Guard@VMutex@osl@@@osl@@QAE@PAVMutex@1@@Z
??0Locale@lang@star@sun@com@@QAE@ABU01234@@Z
??0Locale@lang@star@sun@com@@QAE@ABVOUString@rtl@@00@Z
??0Locale@lang@star@sun@com@@QAE@XZ
??0OString@rtl@@AAE@PAU_rtl_String@@PAVDO_NOT_ACQUIRE@01@@Z
??0OString@rtl@@QAE@ABV01@@Z
??0OString@rtl@@QAE@PAU_rtl_String@@@Z
??0OString@rtl@@QAE@PBD@Z
??0OString@rtl@@QAE@XZ
??0OStringBuffer@rtl@@QAE@VOString@1@@Z
??0OUString@rtl@@AAE@PAU_rtl_uString@@PAVDO_NOT_ACQUIRE@01@@Z
??0OUString@rtl@@QAE@ABV01@@Z
??0OUString@rtl@@QAE@PAU_rtl_uString@@@Z
??0OUString@rtl@@QAE@PBDJGK@Z
??0OUString@rtl@@QAE@XZ
??0OUStringBuffer@rtl@@QAE@VOUString@1@@Z
??1?$Guard@VMutex@osl@@@osl@@QAE@XZ
??1Locale@lang@star@sun@com@@QAE@XZ
??1OString@rtl@@QAE@XZ
??1OStringBuffer@rtl@@QAE@XZ
??1OUString@rtl@@QAE@XZ
??1OUStringBuffer@rtl@@QAE@XZ
??4MsLangId@@QAEAAV0@ABV0@@Z
??4OString@rtl@@QAEAAV01@ABV01@@Z
??4OUString@rtl@@QAEAAV01@ABV01@@Z
?OStringToOUString@rtl@@YA?AVOUString@1@ABVOString@1@GK@Z
?acquire@Mutex@osl@@QAEEXZ
?append@OStringBuffer@rtl@@QAEAAV12@ABVOString@2@@Z
?append@OStringBuffer@rtl@@QAEAAV12@D@Z
?append@OStringBuffer@rtl@@QAEAAV12@PBDJ@Z
?append@OUStringBuffer@rtl@@QAEAAV12@ABVOUString@2@@Z
?append@OUStringBuffer@rtl@@QAEAAV12@G@Z
?append@OUStringBuffer@rtl@@QAEAAV12@PBGJ@Z
?convertIsoByteStringToLanguage@MsLangId@@SAGABVOString@rtl@@D@Z
?convertIsoNamesToLanguage@MsLangId@@SAGABVOString@rtl@@0@Z
?convertIsoNamesToLanguage@MsLangId@@SAGABVOUString@rtl@@0@Z
?convertIsoStringToLanguage@MsLangId@@SAGABVOUString@rtl@@G@Z
?convertLanguageToIsoByteString@MsLangId@@SA?AVOString@rtl@@GD@Z
?convertLanguageToIsoNames@MsLangId@@SAXGAAVOString@rtl@@0@Z
?convertLanguageToIsoNames@MsLangId@@SAXGAAVOUString@rtl@@0@Z
?convertLanguageToIsoString@MsLangId@@SA?AVOUString@rtl@@GG@Z
?convertLanguageToLocale@MsLangId@@SA?AULocale@lang@star@sun@com@@G_N@Z
?convertLanguageToLocale@MsLangId@@SAXGAAULocale@lang@star@sun@com@@@Z
?convertLanguageToLocaleWithFallback@MsLangId@@SA?AULocale@lang@star@sun@com@@G@Z
?convertLocaleToLanguage@MsLangId@@SAGABULocale@lang@star@sun@com@@@Z
?convertLocaleToLanguageWithFallback@MsLangId@@SAGABULocale@lang@star@sun@com@@@Z
?convertUnxByteStringToLanguage@MsLangId@@SAGABVOString@rtl@@@Z
?copy@OString@rtl@@QBE?AV12@J@Z
?copy@OString@rtl@@QBE?AV12@JJ@Z
?copy@OUString@rtl@@QBE?AV12@J@Z
?copy@OUString@rtl@@QBE?AV12@JJ@Z
?createFromAscii@OUString@rtl@@SA?AV12@PBD@Z
?equals@OString@rtl@@QBEEABV12@@Z
?equalsAscii@OUString@rtl@@QBEEPBD@Z
?equalsAsciiL@OUString@rtl@@QBEEPBDJ@Z
?equalsIgnoreAsciiCaseAscii@OUString@rtl@@QBEEPBD@Z
?getFallbackLanguage@MsLangId@@SAGG@Z
?getFallbackLocale@MsLangId@@SA?AULocale@lang@star@sun@com@@ABU23456@@Z
?getGlobalMutex@Mutex@osl@@SAPAV12@XZ
?getIsoLangEntry@MsLangId@@SAPBUIsoLangEntry@1@I@Z
?getLength@OString@rtl@@QBEJXZ
?getLength@OStringBuffer@rtl@@QBEJXZ
?getLength@OUString@rtl@@QBEJXZ
?getLength@OUStringBuffer@rtl@@QBEJXZ
?getPlatformSystemLanguage@MsLangId@@CAGXZ
?getPlatformSystemUILanguage@MsLangId@@CAGXZ
?getPrimaryLanguage@MsLangId@@SAGG@Z
?getRealLanguage@MsLangId@@SAGG@Z
?getRealLanguageWithoutConfig@MsLangId@@SAGG@Z
?getReplacementForObsoleteLanguage@MsLangId@@SAGG@Z
?getScriptType@MsLangId@@SAFG@Z
?getStr@OString@rtl@@QBEPBDXZ
?getStr@OUString@rtl@@QBEPBGXZ
?getSubLanguage@MsLangId@@SAGG@Z
?getSystemLanguage@MsLangId@@SAGXZ
?getSystemUILanguage@MsLangId@@SAGXZ
?hasForbiddenCharacters@MsLangId@@SA_NG@Z
?indexOf@OString@rtl@@QBEJDJ@Z
?indexOf@OUString@rtl@@QBEJGJ@Z
?isRightToLeft@MsLangId@@SA_NG@Z
?lookupFallbackLanguage@MsLangId@@CAGABULocale@lang@star@sun@com@@@Z
?lookupFallbackLanguage@MsLangId@@CAGG@Z
?lookupFallbackLocale@MsLangId@@CA?AULocale@lang@star@sun@com@@ABU23456@@Z
?lookupFallbackLocale@MsLangId@@CA?AULocale@lang@star@sun@com@@G@Z
?makeLangID@MsLangId@@SAGGG@Z
?makeStringAndClear@OStringBuffer@rtl@@QAE?AVOString@2@XZ
?makeStringAndClear@OUStringBuffer@rtl@@QAE?AVOUString@2@XZ
?nConfiguredAsianFallback@MsLangId@@0GA
?nConfiguredComplexFallback@MsLangId@@0GA
?nConfiguredSystemLanguage@MsLangId@@0GA
?nConfiguredSystemUILanguage@MsLangId@@0GA
?nConfiguredWesternFallback@MsLangId@@0GA
?needsSequenceChecking@MsLangId@@SA_NG@Z
?release@Mutex@osl@@QAEEXZ
?resolveSystemLanguageByScriptType@MsLangId@@SAGGF@Z
?setConfiguredAsianFallback@MsLangId@@SAXG@Z
?setConfiguredComplexFallback@MsLangId@@SAXG@Z
?setConfiguredSystemLanguage@MsLangId@@SAXG@Z
?setConfiguredSystemUILanguage@MsLangId@@SAXG@Z
?setConfiguredWesternFallback@MsLangId@@SAXG@Z
?simplifySystemLanguages@MsLangId@@CAGG@Z
?toAsciiLowerCase@OString@rtl@@QBE?AV12@XZ
?toAsciiLowerCase@OUString@rtl@@QBE?AV12@XZ
?toAsciiUpperCase@OString@rtl@@QBE?AV12@XZ
?toAsciiUpperCase@OUString@rtl@@QBE?AV12@XZ
GetVersionInfo

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fb1057a70887562c049c93ddc8abfae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sal3

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 956B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 578B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 956B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 578B