d61fc6ee427307984b38235c616ac12b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d61fc6ee427307984b38235c616ac12b_JaffaCakes118
Size

13KB
MD5

d61fc6ee427307984b38235c616ac12b
SHA1

98dc8c80af6bb674d32f01bdfb79452e161e02d4
SHA256

80cb988f79d8dd993aacd78b7c0a072546bd7621dfda4352f6a8c464e3bee41c
SHA512

6edaea3bd3c5520a814378902ef9582e8e99e9bf96e7d0ded7ca917a5d8087e69405c35b62ccb701da948050c0be6dce9a36c1c610d38541dfd8fd658b8e3baa
SSDEEP

384:l6GVT5Ed1+BAGNvgA4EjcsXEKZOtk0abOXcC5La:l6YdEYrZfROXcCV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d61fc6ee427307984b38235c616ac12b_JaffaCakes118

Files

d61fc6ee427307984b38235c616ac12b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

abe30b1c00dee32a809111498310a349

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\OOO320\src\salhelper\wntmsci12.pro\bin\salhelper3MSC.pdb

Imports

msvcr90

_except_handler4_common
_onexit
_crt_debugger_hook
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_encode_pointer
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
?terminate@@YAXXZ
??2@YAPAXI@Z
__CxxFrameHandler3
??3@YAXPAX@Z
_CxxThrowException
_purecall
?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange

sal3

rtl_uString_acquire
rtl_uString_release
osl_unloadModule
osl_getFunctionSymbol
osl_loadModule
osl_resetCondition
osl_setCondition
osl_destroyCondition
osl_createCondition
osl_releaseMutex
osl_acquireMutex
osl_waitCondition

Exports

Exports

??0Condition@salhelper@@QAE@AAVMutex@osl@@@Z
??0ConditionModifier@salhelper@@QAE@AAVCondition@1@@Z
??0ConditionWaiter@salhelper@@QAE@AAVCondition@1@@Z
??0ConditionWaiter@salhelper@@QAE@AAVCondition@1@K@Z
??0ORealDynamicLoader@salhelper@@IAE@PAPAV01@ABVOUString@rtl@@1PAX2@Z
??0timedout@ConditionWaiter@salhelper@@QAE@ABU012@@Z
??0timedout@ConditionWaiter@salhelper@@QAE@XZ
??1Condition@salhelper@@UAE@XZ
??1ConditionModifier@salhelper@@QAE@XZ
??1ConditionWaiter@salhelper@@QAE@XZ
??1ORealDynamicLoader@salhelper@@MAE@XZ
??1SimpleReferenceObject@salhelper@@MAE@XZ
??1timedout@ConditionWaiter@salhelper@@UAE@XZ
??2SimpleReferenceObject@salhelper@@SAPAXI@Z
??2SimpleReferenceObject@salhelper@@SAPAXIABUnothrow_t@std@@@Z
??3SimpleReferenceObject@salhelper@@SAXPAX@Z
??3SimpleReferenceObject@salhelper@@SAXPAXABUnothrow_t@std@@@Z
??4timedout@ConditionWaiter@salhelper@@QAEAAU012@ABU012@@Z
??_7ORealDynamicLoader@salhelper@@6B@
??_7SimpleReferenceObject@salhelper@@6B@
?acquire@ORealDynamicLoader@salhelper@@QAAKXZ
?getApi@ORealDynamicLoader@salhelper@@QBAPAXXZ
?newInstance@ORealDynamicLoader@salhelper@@SAPAV12@PAPAV12@ABVOUString@rtl@@1@Z
?release@ORealDynamicLoader@salhelper@@QAAKXZ
GetVersionInfo

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abe30b1c00dee32a809111498310a349

Headers

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

sal3

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 600B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 600B