fc66d58547d611b8ddab8669673fab94_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fc66d58547d611b8ddab8669673fab94_JaffaCakes118
Size

25KB
MD5

fc66d58547d611b8ddab8669673fab94
SHA1

08934e0c289a6f3d50ee12782cf39bf06e4650c5
SHA256

87cda6d081234b90069833d2b14078458a23e3a342d7883db2deb3b1f89a10e5
SHA512

6ab800602bdd465dbde2487185a655f1502b17880d414b54b068297c3eb80d377ab3b08fd36bf3e72f012a0460c9582c04108902d80bca8ee74012a2e914d6f0
SSDEEP

384:i632uMrjb6gyNgSVBMpaNM6ucVVDYwv82/vmgyft10h5jM1OvevvG+9lO:N1Mr/6dNTrMGVxYQ8WjstugWe3GWg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc66d58547d611b8ddab8669673fab94_JaffaCakes118

Files

fc66d58547d611b8ddab8669673fab94_JaffaCakes118
.dll windows:5 windows x86 arch:x86

85be82afef6aef3a23df8cd5d4244f6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\OOO330\ooo\i18npool\wntmsci12.pro\bin\i18nisolang1MSC.pdb

Imports

sal3

rtl_stringbuffer_insert
rtl_stringbuffer_newFromStr_WithLength
rtl_uStringbuffer_insert
rtl_uStringbuffer_newFromStr_WithLength
rtl_uString_newFromAscii
rtl_uString_newToAsciiUpperCase
rtl_uString_newToAsciiLowerCase
rtl_uString_newFromStr_WithLength
rtl_ustr_indexOfChar_WithLength
rtl_ustr_ascii_compareIgnoreAsciiCase_WithLength
rtl_ustr_ascii_compare_WithLength
osl_releaseMutex
osl_getGlobalMutex
rtl_uString_assign
rtl_uString_release
rtl_string2UString
rtl_uString_acquire
rtl_uString_new
rtl_string_newToAsciiUpperCase
rtl_string_newToAsciiLowerCase
rtl_string_newFromStr_WithLength
rtl_str_indexOfChar_WithLength
rtl_str_reverseCompare_WithLength
rtl_string_assign
rtl_string_release
rtl_string_newFromStr
rtl_string_acquire
rtl_string_new
osl_acquireMutex

msvcr90

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm

uwinapi

GetUserDefaultUILanguage

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID

Exports

Exports

??0?$Guard@VMutex@osl@@@osl@@QAE@PAVMutex@1@@Z
??0Locale@lang@star@sun@com@@QAE@ABU01234@@Z
??0Locale@lang@star@sun@com@@QAE@ABVOUString@rtl@@00@Z
??0Locale@lang@star@sun@com@@QAE@XZ
??0OString@rtl@@AAE@PAU_rtl_String@@PAVDO_NOT_ACQUIRE@01@@Z
??0OString@rtl@@QAE@ABV01@@Z
??0OString@rtl@@QAE@PAU_rtl_String@@@Z
??0OString@rtl@@QAE@PBD@Z
??0OString@rtl@@QAE@XZ
??0OStringBuffer@rtl@@QAE@VOString@1@@Z
??0OUString@rtl@@AAE@PAU_rtl_uString@@PAVDO_NOT_ACQUIRE@01@@Z
??0OUString@rtl@@QAE@ABV01@@Z
??0OUString@rtl@@QAE@PAU_rtl_uString@@@Z
??0OUString@rtl@@QAE@PBDJGK@Z
??0OUString@rtl@@QAE@XZ
??0OUStringBuffer@rtl@@QAE@VOUString@1@@Z
??1?$Guard@VMutex@osl@@@osl@@QAE@XZ
??1Locale@lang@star@sun@com@@QAE@XZ
??1OString@rtl@@QAE@XZ
??1OStringBuffer@rtl@@QAE@XZ
??1OUString@rtl@@QAE@XZ
??1OUStringBuffer@rtl@@QAE@XZ
??4MsLangId@@QAEAAV0@ABV0@@Z
??4OString@rtl@@QAEAAV01@ABV01@@Z
??4OUString@rtl@@QAEAAV01@ABV01@@Z
?OStringToOUString@rtl@@YA?AVOUString@1@ABVOString@1@GK@Z
?acquire@Mutex@osl@@QAEEXZ
?append@OStringBuffer@rtl@@QAEAAV12@ABVOString@2@@Z
?append@OStringBuffer@rtl@@QAEAAV12@D@Z
?append@OStringBuffer@rtl@@QAEAAV12@PBDJ@Z
?append@OUStringBuffer@rtl@@QAEAAV12@ABVOUString@2@@Z
?append@OUStringBuffer@rtl@@QAEAAV12@G@Z
?append@OUStringBuffer@rtl@@QAEAAV12@PBGJ@Z
?convertIsoByteStringToLanguage@MsLangId@@SAGABVOString@rtl@@D@Z
?convertIsoNamesToLanguage@MsLangId@@SAGABVOString@rtl@@0@Z
?convertIsoNamesToLanguage@MsLangId@@SAGABVOUString@rtl@@0@Z
?convertIsoStringToLanguage@MsLangId@@SAGABVOUString@rtl@@G@Z
?convertLanguageToIsoByteString@MsLangId@@SA?AVOString@rtl@@GD@Z
?convertLanguageToIsoNames@MsLangId@@SAXGAAVOString@rtl@@0@Z
?convertLanguageToIsoNames@MsLangId@@SAXGAAVOUString@rtl@@0@Z
?convertLanguageToIsoString@MsLangId@@SA?AVOUString@rtl@@GG@Z
?convertLanguageToLocale@MsLangId@@SA?AULocale@lang@star@sun@com@@G_N@Z
?convertLanguageToLocale@MsLangId@@SAXGAAULocale@lang@star@sun@com@@@Z
?convertLanguageToLocaleWithFallback@MsLangId@@SA?AULocale@lang@star@sun@com@@G@Z
?convertLocaleToLanguage@MsLangId@@SAGABULocale@lang@star@sun@com@@@Z
?convertLocaleToLanguageWithFallback@MsLangId@@SAGABULocale@lang@star@sun@com@@@Z
?convertUnxByteStringToLanguage@MsLangId@@SAGABVOString@rtl@@@Z
?copy@OString@rtl@@QBE?AV12@J@Z
?copy@OString@rtl@@QBE?AV12@JJ@Z
?copy@OUString@rtl@@QBE?AV12@J@Z
?copy@OUString@rtl@@QBE?AV12@JJ@Z
?createFromAscii@OUString@rtl@@SA?AV12@PBD@Z
?equals@OString@rtl@@QBEEABV12@@Z
?equalsAscii@OUString@rtl@@QBEEPBD@Z
?equalsIgnoreAsciiCaseAscii@OUString@rtl@@QBEEPBD@Z
?getFallbackLanguage@MsLangId@@SAGG@Z
?getFallbackLocale@MsLangId@@SA?AULocale@lang@star@sun@com@@ABU23456@@Z
?getGlobalMutex@Mutex@osl@@SAPAV12@XZ
?getIsoLangEntry@MsLangId@@SAPBUIsoLangEntry@1@I@Z
?getLength@OString@rtl@@QBEJXZ
?getLength@OStringBuffer@rtl@@QBEJXZ
?getLength@OUString@rtl@@QBEJXZ
?getLength@OUStringBuffer@rtl@@QBEJXZ
?getPlatformSystemLanguage@MsLangId@@CAGXZ
?getPlatformSystemUILanguage@MsLangId@@CAGXZ
?getPrimaryLanguage@MsLangId@@SAGG@Z
?getRealLanguage@MsLangId@@SAGG@Z
?getRealLanguageWithoutConfig@MsLangId@@SAGG@Z
?getReplacementForObsoleteLanguage@MsLangId@@SAGG@Z
?getScriptType@MsLangId@@SAFG@Z
?getStr@OString@rtl@@QBEPBDXZ
?getStr@OUString@rtl@@QBEPBGXZ
?getSubLanguage@MsLangId@@SAGG@Z
?getSystemLanguage@MsLangId@@SAGXZ
?getSystemUILanguage@MsLangId@@SAGXZ
?hasForbiddenCharacters@MsLangId@@SA_NG@Z
?indexOf@OString@rtl@@QBEJDJ@Z
?indexOf@OUString@rtl@@QBEJGJ@Z
?isRightToLeft@MsLangId@@SA_NG@Z
?lookupFallbackLanguage@MsLangId@@CAGABULocale@lang@star@sun@com@@@Z
?lookupFallbackLanguage@MsLangId@@CAGG@Z
?lookupFallbackLocale@MsLangId@@CA?AULocale@lang@star@sun@com@@ABU23456@@Z
?lookupFallbackLocale@MsLangId@@CA?AULocale@lang@star@sun@com@@G@Z
?makeLangID@MsLangId@@SAGGG@Z
?makeStringAndClear@OStringBuffer@rtl@@QAE?AVOString@2@XZ
?makeStringAndClear@OUStringBuffer@rtl@@QAE?AVOUString@2@XZ
?nConfiguredAsianFallback@MsLangId@@0GA
?nConfiguredComplexFallback@MsLangId@@0GA
?nConfiguredSystemLanguage@MsLangId@@0GA
?nConfiguredSystemUILanguage@MsLangId@@0GA
?nConfiguredWesternFallback@MsLangId@@0GA
?needsSequenceChecking@MsLangId@@SA_NG@Z
?release@Mutex@osl@@QAEEXZ
?resolveSystemLanguageByScriptType@MsLangId@@SAGGF@Z
?setConfiguredAsianFallback@MsLangId@@SAXG@Z
?setConfiguredComplexFallback@MsLangId@@SAXG@Z
?setConfiguredSystemLanguage@MsLangId@@SAXG@Z
?setConfiguredSystemUILanguage@MsLangId@@SAXG@Z
?setConfiguredWesternFallback@MsLangId@@SAXG@Z
?simplifySystemLanguages@MsLangId@@CAGG@Z
?toAsciiLowerCase@OString@rtl@@QBE?AV12@XZ
?toAsciiLowerCase@OUString@rtl@@QBE?AV12@XZ
?toAsciiUpperCase@OString@rtl@@QBE?AV12@XZ
?toAsciiUpperCase@OUString@rtl@@QBE?AV12@XZ
GetVersionInfo

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85be82afef6aef3a23df8cd5d4244f6b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sal3

msvcr90

uwinapi

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 956B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 576B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 956B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 576B