f9fda0b09de86499ce37f4578a5df18a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9fda0b09de86499ce37f4578a5df18a_JaffaCakes118
Size

113KB
MD5

f9fda0b09de86499ce37f4578a5df18a
SHA1

728d9ad8b4277124fac2bac52e8f583124862036
SHA256

59ff220cb7df0e654fdf355be1ffd881b2e80c9c9e0b7f60c1bcd134805619ce
SHA512

183ed5bed43cd7db76ca5820a51944b3c43ea90ca6ef41579d22c967ec495b32fa14d747264df7719f218bcf492789f2326ec52bd66dd8a69a63c481c6956ffe
SSDEEP

3072:T1+smNf5aNsIk9+Lk5CKa+vmLNOR9bXW:TYsmNf5bfClBOR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9fda0b09de86499ce37f4578a5df18a_JaffaCakes118

Files

f9fda0b09de86499ce37f4578a5df18a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7a326d84cdadaa93875b509ba34f4763

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\xmlsecurity\wntmsci12.pro\bin\xsec_xmlsec.pdb

Imports

msvcr90

??_V@YAXPAX@Z
malloc
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
??_U@YAPAXI@Z
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_stricmp
fflush
vfprintf
fprintf
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
__iob_func

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
Sleep
InterlockedExchange
DisableThreadLibraryCalls

sal3

osl_getGlobalMutex
rtl_uString_new
rtl_uString_newTrim
rtl_uString_newFromStr_WithLength
rtl_string2UString
rtl_uString_newFromStr
rtl_zeroMemory
rtl_createUuid
osl_getThreadTextEncoding
osl_getProcessLocale
osl_getTextEncodingFromLocale
rtl_ustr_compare_WithLength
rtl_compareMemory
rtl_ustr_asciil_reverseEquals_WithLength
rtl_string_newConcat
rtl_string_assign
rtl_string_newFromStr
rtl_string_acquire
rtl_string_release
rtl_uString2String
rtl_freeMemory
rtl_uString_acquire
rtl_ustr_compareIgnoreAsciiCase_WithLength
osl_releaseMutex
osl_acquireMutex
osl_incrementInterlockedCount
rtl_allocateMemory
rtl_uString_newFromAscii
rtl_ustr_reverseCompare_WithLength
rtl_uString_newConcat
rtl_uString_release
rtl_uString_assign
rtl_getUriCharClass
rtl_bootstrap_get
rtl_uriEncode

cppu3

uno_any_destruct
uno_type_sequence_reference2One
uno_type_sequence_assign
uno_type_sequence_construct
uno_type_destructData
typelib_static_type_init
typelib_static_sequence_type_init
typelib_static_type_getByTypeClass

cppuhelper3msc

??1OImplementationId@cppu@@QAE@XZ
?getImplementationId@OImplementationId@cppu@@QBA?AV?$Sequence@C@uno@star@sun@com@@XZ
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
?acquire@OWeakObject@cppu@@UAAXXZ
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?createSingleFactory@cppu@@YA?AV?$Reference@VXSingleServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@ABVOUString@rtl@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@0@ZABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
?createSingleComponentFactory@cppu@@YA?AV?$Reference@VXSingleComponentFactory@lang@star@sun@com@@@uno@star@sun@com@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@ABV?$Reference@VXComponentContext@uno@star@sun@com@@@3456@@ZABVOUString@rtl@@ABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
?release@OWeakObject@cppu@@UAAXXZ
??1OWeakObject@cppu@@MAE@XZ
??0OWeakObject@cppu@@QAE@XZ
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ

xomi

?release@?$WeakImplHelper3@VXAttributeList@sax@xml@star@sun@com@@VXCloneable@util@456@VXUnoTunnel@lang@456@@cppu@@UAAXXZ
?acquire@?$WeakImplHelper3@VXAttributeList@sax@xml@star@sun@com@@VXCloneable@util@456@VXUnoTunnel@lang@456@@cppu@@UAAXXZ
?queryInterface@?$WeakImplHelper3@VXAttributeList@sax@xml@star@sun@com@@VXCloneable@util@456@VXUnoTunnel@lang@456@@cppu@@UAA?AVAny@uno@star@sun@com@@ABVType@4567@@Z
?AddAttribute@SvXMLAttributeList@@QAEXABVOUString@rtl@@0@Z
??0SvXMLAttributeList@@QAE@XZ
??1SvXMLAttributeList@@UAE@XZ

libxmlsec-mscrypto

xmlSecMSCryptoAppliedKeysMngrPubKeyLoad
xmlSecMSCryptoAppInit
xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore
xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore
xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore
xmlSecMSCryptoAppliedKeysMngrPriKeyLoad
xmlSecMSCryptoAppliedKeysMngrSymKeyLoad
xmlSecMSCryptoAppliedKeysMngrCreate
xmlSecMSCryptoShutdown
xmlSecMSCryptoInit
xmlSecMSCryptoAppShutdown

libxmlsec

xmlSecKeysMngrDestroy
xmlSecBnSetData
xmlSecBnToDecString
xmlSecBase64Decode
xmlSecBnFromDecString
xmlSecBnFinalize
xmlSecBnGetSize
xmlSecBnGetData
xmlSecShutdown
xmlSecInit
xmlSecEncCtxDestroy
xmlSecEncCtxXmlEncrypt
xmlSecEncCtxCreate
xmlSecDSigCtxVerify
xmlSecDSigCtxCreate
xmlSecDSigCtxSign
xmlSecDSigCtxDestroy
xmlSecBnInitialize
xmlSecErrorsSetCallback
xmlSecIOCleanupCallbacks
xmlSecIORegisterCallbacks
xmlSecIORegisterDefaultCallbacks
xmlSecEncCtxDecrypt

libxml2

xmlAddNextSibling
xmlNewInputStream
xmlInitParser
xmlCheckVersion
xmlSubstituteEntitiesDefault
xmlNewParserCtxt
xmlSAXVersion
xmlMalloc
xmlFreeParserCtxt
xmlStrlen
xmlGetLastChild
xmlFreeDoc
xmlHasProp
xmlNodeListGetString
xmlAddID
xmlRemoveID
xmlUnlinkNode
xmlFreeNode
xmlStrndup
xmlFree

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertStrToNameA
CertAddCertificateContextToStore
CertCreateCertificateContext
CertOpenStore
CertFreeCertificateChain
CertDuplicateStore
CertAddStoreToCollection
CryptAcquireCertificatePrivateKey
CertCompareCertificateName
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptDecodeObject
CertFindExtension
CertOpenSystemStoreA
CertGetCertificateChain
CertCloseStore
CertGetCertificateContextProperty
CertNameToStrW
CertNameToStrA

advapi32

CryptDestroyKey
CryptReleaseContext

stlport_vc7145

?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z
?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z

Exports

Exports

GetVersionInfo
component_getFactory
component_getImplementationEnvironment
component_writeInfo

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a326d84cdadaa93875b509ba34f4763

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

sal3

cppu3

cppuhelper3msc

xomi

libxmlsec-mscrypto

libxmlsec

libxml2

crypt32

advapi32

stlport_vc7145

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB