af692b9846bea5c58ecc72adba615c98_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af692b9846bea5c58ecc72adba615c98_JaffaCakes118
Size

215KB
MD5

af692b9846bea5c58ecc72adba615c98
SHA1

933af16c604cfd6d79b1be98d76ed00e671bbba4
SHA256

15fa97083332bb50183232647b0b0b8042578a6513b8eba7c0d04c33cb3e53ea
SHA512

20c98cf5f51094e4f9c6548ab0f50c0e7aa7dd7472fc70a77b9849c34d2ce51bce9083c4e40de8776d1ec36653173f310facafe1972decafe61875a0d1eb12cf
SSDEEP

6144:6Y6zONr3I8ABKeTnOaAcAs73ucDCAZDgX:6JKQXOaAcAs7+FAZ0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af692b9846bea5c58ecc72adba615c98_JaffaCakes118

Files

af692b9846bea5c58ecc72adba615c98_JaffaCakes118
.exe windows:5 windows x86 arch:x86

27c620a0f4ef5b5acdfbcb5434e8868c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\OOO330\ooo\extensions\wntmsci12.pro\bin\nsplugin.pdb

Imports

cppu3

cppu_unsatisfied_iset_msg
uno_type_assignData
uno_type_sequence_reference2One
uno_type_any_assign
uno_type_destructData
uno_type_sequence_construct
cppu_unsatisfied_iquery_msg
typelib_static_type_getByTypeClass
typelib_static_sequence_type_init
typelib_static_type_init
uno_any_destruct
uno_type_any_construct

cppuhelper3msc

??1OWeakObject@cppu@@MAE@XZ
??0OWeakObject@cppu@@QAE@XZ
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
?acquire@OWeakObject@cppu@@UAAXXZ
?release@OWeakObject@cppu@@UAAXXZ
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
?defaultBootstrap_InitialComponentContext@cppu@@YA?AV?$Reference@VXComponentContext@uno@star@sun@com@@@uno@star@sun@com@@XZ

sal3

sal_detail_initialize
sal_detail_deinitialize
osl_getThreadTextEncoding
rtl_convertStringToUString
osl_executeProcess
osl_freeProcessHandle
osl_waitThread
osl_freeSecurityHandle
osl_getCurrentSecurity
rtl_uStringbuffer_insert_ascii
rtl_uStringbuffer_insert
rtl_uString_new_WithLength
rtl_bootstrap_get_from_handle
rtl_bootstrap_args_open
rtl_bootstrap_get
rtl_ustr_valueOfInt32
rtl_uString_newFromStr_WithLength
rtl_ustr_hashCode_WithLength
rtl_uString_newConcat
osl_getGlobalMutex
osl_releaseMutex
osl_acquireMutex
osl_getProcessLocale
osl_getTextEncodingFromLocale
rtl_freeMemory
rtl_allocateMemory
rtl_uString_newFromAscii
rtl_uString_assign
rtl_string2UString
rtl_string_release
rtl_uString2String
rtl_uString_acquire
rtl_uString_release
rtl_uString_new
rtl_bootstrap_args_close

kernel32

QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetSystemTimeAsFileTime
CreateFileW
SetLastError
CloseHandle
ReadFile

user32

GetWindowLongA
SetWindowLongA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

msvcr90

??0exception@std@@QAE@ABQBDH@Z
strstr
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z
_exit
atoi
memset
__argc
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__argv
sprintf

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 170KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

27c620a0f4ef5b5acdfbcb5434e8868c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cppu3

cppuhelper3msc

sal3

kernel32

user32

advapi32

msvcr90

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 2KB - Virtual size: 2KB

.text Size: 170KB - Virtual size: 172KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 170KB - Virtual size: 172KB